@ts0818
Created November 5, 2015 08:31
パーフェクトPHP (Perfect PHP): countermeasure against command execution attacks (Command Injection)
<?php
// Set $dir to the directory whose listing will be printed
if (isset($_GET['dir']) === true) {
    // Strip NUL bytes: escapeshellarg() rejects strings that contain them
    // (ValueError on PHP 8), and a NUL would otherwise truncate the argument
    $dir = str_replace("\0", '', $_GET['dir']);
} else {
    $dir = '/';
}

// Print the list of files in the directory
echo "<pre>";
if (file_exists($dir) && is_dir($dir)) {
    // Escape the argument to the external command before executing it.
    // escapeshellarg() single-quotes the value so shell metacharacters
    // (; | & $ ` and quotes) are passed literally. "--" keeps ls from
    // treating a value such as "-R" as an option, which quoting alone
    // does not prevent.
    // Note: this stops shell injection only. Any readable directory can
    // still be listed, and file names are printed without HTML escaping.
    system('ls -la -- ' . escapeshellarg($dir));
}
echo "</pre>";
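As an added example (not part of the original gist), the script below builds the command line that system() would receive for both the vulnerable concatenation and the escapeshellarg() construction used above, for a set of constructed payloads, without executing anything. The function names, the payload list and the "--" separator are this example's own additions; it assumes PHP 8 on a POSIX system, where escapeshellarg() wraps the value in single quotes.

```php
<?php
// Added example (not from the original gist): compares the command string a
// vulnerable and a hardened construction would hand to system(). Nothing is
// executed. Assumes PHP 8 on a POSIX system (escapeshellarg() single-quotes;
// on Windows it uses double quotes and the expected strings differ).
declare(strict_types=1);

// Vulnerable: the user-supplied value is pasted into the command line, so
// /bin/sh interprets ; $() backticks and quotes inside it.
function buildVulnerable(string $dir): string
{
    return 'ls -la ' . $dir;
}

// Hardened, as in the gist: strip NUL bytes (escapeshellarg() rejects them),
// then single-quote the value. The "--" is this example's addition; it stops
// ls from reading a value such as "-R" as an option, which escapeshellarg()
// alone does not prevent (argument injection, not shell injection).
function buildHardened(string $dir): string
{
    $dir = str_replace("\0", '', $dir);
    return 'ls -la -- ' . escapeshellarg($dir);
}

// Constructed payloads (hypothetical values of the ?dir= parameter).
$payloads = [
    'plain path'           => '/var/www',
    'command chaining'     => '/tmp; id',
    'command substitution' => '/tmp$(id)',
    'quote breakout'       => "/tmp' ; id ; echo '",
    'NUL byte'             => "/tmp\0; id",
    'option injection'     => '-R',
];

foreach ($payloads as $label => $dir) {
    printf("%-22s vulnerable: %s\n", $label, buildVulnerable($dir));
    printf("%-22s hardened:   %s\n\n", $label, buildHardened($dir));
}

// Self-checks on the hardened form (assert() runs only when zend.assertions=1).
assert(buildHardened('/tmp; id') === "ls -la -- '/tmp; id'");
assert(buildHardened("/tmp' ; id ; echo '") === "ls -la -- '/tmp'\\'' ; id ; echo '\\'''");
assert(buildHardened("/tmp\0; id") === "ls -la -- '/tmp; id'");
assert(buildHardened('-R') === "ls -la -- '-R'");
```

Run it with `php example.php`: the "quote breakout" row shows why escapeshellarg() replaces every embedded single quote with `'\''` rather than just wrapping the value, and the "option injection" row shows the case that quoting does not cover and that the "--" separator does.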