Archive for the ‘system’ Tag

System call injection

With the follow commands you can execute an external program on the system (server).

  • shell_exec
  • proc_open
  • system
  • exec
  • passthru
  • popen
  • “ (back tick operator)

This form sends a domain name and prints the result back from the linux program whois.

Continue reading

What does a phpshell look like?

After my last posting “(evil) Register Globals (on)“, I got an email asking what remote files look like and what they do. I call remote files “phpshells”. phpshells can send commands directly to the server system over http.

An easy version could be using a GET variable for a system call. Indeed, it’s enough to steal information, destroy pages and do other nasty stuff on a web server.

<?php
    system($_GET[‘cmd’]);
?>

The r57shell is the deluxe version of a phpshell. I added some pictures below. It’s an interface and has functions like ftp, mail and many more.

Continue reading