Skip to content

Instantly share code, notes, and snippets.

@bazooka07

bazooka07/critical-functions.php

Created August 1, 2022 09:23
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bazooka07/cbba503741c42433b92f66ad827e473b to your computer and use it in GitHub Desktop.
Save bazooka07/cbba503741c42433b92f66ad827e473b to your computer and use it in GitHub Desktop.
Download ZIP
Contenu d'une page statique dans le CMS PluXml pour lister les fonctions critiques de PHP
Raw
critical-functions.php
<?php
/**
* Script à insérer dans une page statique de PluXml pour vérifier les fonctions critiques de PHP
* encore actives.
* les fonctions à désactiver peuvent être listées dans la directive disable_functions du fichier php.ini
*
* https://pluxml.org/
* https://forum.pluxml.org/discussion/7232/pluxml-5-8-8-released
* https://www.php.net/manual/fr/ini.core.php#ini.disable-functions
* https://www.tarlogic.com/blog/disable_functions-bypasses-and-php-exploitation/
*
* */
?>
<style>
#php_functions ul {
column-count: 3;
border: 1px solid #444;
}
#php_functions pre {
max-height: 72rem;
background-color: #444;
color: yellow;
}
#php_functions h2 {
font-size: 3.2rem;
font-weight: bold;
color: var(--color1);
}
</style>
<div id="php_functions">
<ul id="critical_functions">
<?php
$disabled_functions = array();
$listing = array(
'chown',
'chmod',
'get_current_user',
'php_uname',
'putenv',
'set_time_limit',
'getmyuid',
'getmypid',
'dl',
'ini_alter',
'ini_restore',
'realpath',
'tmpfile',
'link',
'shell_exec',
'proc_open',
'chroot',
'sleep',
'usleep',
'umask',
'set_include_path',
'restore_include_path',
'ini_set',
'exec',
'passthru',
'system',
'popen',
'pclose',
'leak',
'mysql_list_dbs',
# 'listen',
'chgrp',
'disk_total_space',
'disk_free_space',
'rmdir',
'openlog',
'closelog',
'syslog',
'flock',
'socket_create_listen',
'socket_accept',
'socket_listen',
'symlink',
'setlocale',
'imagerotate',
# https://www.vaadata.com/blog/fr/proteger-votre-site-bonnes-pratiques-de-securite-pour-php-2/
'show_source',
'exec',
'shell_exec',
'system',
'passthru',
'proc_open',
'popen',
'curl_exec',
'curl_multi_exec',
'parse_ini_file',
'show_source',
# https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php
# https://pentestmonkey.net/tools/web-shells/php-reverse-shell
'fsockopen',
'proc_open',
# https://programming.vip/docs/php-disable_function-bypass.html
'eval',
'passthru',
'exec',
'system',
'chroot',
'scandir',
'chgrp',
'chown',
'shell_exec',
'proc_open',
'proc_get_status',
# Autres
'socket_create',
'ini_get_all',
'phpinfo',
'pcntl_exec',
);
sort($listing);
function itemListing($fnc) {
?>
<li><a href="https://www.php.net/manual/fr/function.<?= str_replace('_', '-', $fnc) ?>.php" target="_blanck"><?= $fnc ?></a></li>
<?php
}
foreach(array_unique($listing) as $fnc) {
if (function_exists($fnc)) {
itemListing($fnc);
} else {
$disabled_functions[] = $fnc;
}
}
?>
</ul>
<?php
if (!empty($disabled_functions)) {
?>
<h2>Fonctions désactivées ou inconnues</h2>
<ul id="disabled_functions_functions">
<?php
foreach($disabled_functions as $fnc) {
itemListing($fnc);
}
?>
</ul>
<?php
}
if(function_exists('ini_get_all')) {
?>
<h2>Paramétrage dans le fichier de configuration php.ini</h2>
<pre>
<?php
print_r(ini_get_all());
?>
</pre>
<?php
}
?>
</div>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment