Created
December 12, 2019 00:07
-
-
Save aeharvlee/05a12e6e6d764c160c0f522a1bdec16d to your computer and use it in GitHub Desktop.
Impossible Command Injection Source
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
if( isset( $_POST[ 'Submit' ] ) ) { | |
// Check Anti-CSRF token | |
checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' ); | |
// Get input | |
$target = $_REQUEST[ 'ip' ]; | |
$target = stripslashes( $target ); | |
// Split the IP into 4 octects | |
$octet = explode( ".", $target ); | |
// Check IF each octet is an integer | |
if( ( is_numeric( $octet[0] ) ) && ( is_numeric( $octet[1] ) ) && ( is_numeric( $octet[2] ) ) && ( is_numeric( $octet[3] ) ) && ( sizeof( $octet ) == 4 ) ) { | |
// If all 4 octets are int's put the IP back together. | |
$target = $octet[0] . '.' . $octet[1] . '.' . $octet[2] . '.' . $octet[3]; | |
// Determine OS and execute the ping command. | |
if( stristr( php_uname( 's' ), 'Windows NT' ) ) { | |
// Windows | |
$cmd = shell_exec( 'ping ' . $target ); | |
} | |
else { | |
// *nix | |
$cmd = shell_exec( 'ping -c 4 ' . $target ); | |
} | |
// Feedback for the end user | |
echo "<pre>{$cmd}</pre>"; | |
} | |
else { | |
// Ops. Let the user name theres a mistake | |
echo '<pre>ERROR: You have entered an invalid IP.</pre>'; | |
} | |
} | |
// Generate Anti-CSRF token | |
generateSessionToken(); | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment