authorKyle K <kylek389@gmail.com>2014-12-17 18:46:12 -0600
committerKyle K <kylek389@gmail.com>2014-12-17 18:46:12 -0600
commit78c1bab624440aa6a0576c82696f08c99001fd70 (patch)
tree9c9bf45c3fb2cb8d9d03dde45435d41b179e7a72 /shellwrapper.php
parentc815b1b4c2b3f05edfa17e9837476da15f902ccd (diff)
add a shell php passthrough tool PoC
Diffstat (limited to 'shellwrapper.php')
-rw-r--r--shellwrapper.php20
1 files changed, 20 insertions, 0 deletions
diff --git a/shellwrapper.php b/shellwrapper.php
new file mode 100644
index 0000000..cf14c20
--- /dev/null
+++ b/shellwrapper.php
@@ -0,0 +1,20 @@
+<?php
+
+if (!empty($_POST)) {
+ $command = htmlspecialchars($_POST['command']);
+ $output = shell_exec($command);
+ echo "<pre>$output</pre>";
+}
+
+?>
+
+<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
+ <div style="display: inline;">
+ <p>enter your command below</p>
+ <label for="command">$:</label>
+ <input type="text" id="command" name="command" /> <!-- name attr is needed otherwise $_POST would be empty -->
+ </div>
+ <div style="display: inline;">
+ <input type="submit" value="Execute" />
+ </div>
+</form>
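Review bot: The `htmlspecialchars()` call on `$command` is HTML output encoding applied to shell input, so it acts as no control at all: it does not neutralise shell metacharacters and only rewrites `&`, `<`, `>` and `"` into entities, while the command output on the `echo` line reaches the page unencoded. Encoding belongs on the output side, `echo '<pre>' . htmlspecialchars((string) $output, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';`. Nothing visible in the file restricts who may post to it (no authentication, no CSRF token, no address check), so wherever a web server serves it this is unauthenticated command execution as the PHP user. A PoC like this should live outside the document root or behind an explicit guard, with a header comment stating that. The `!empty($_POST)` test also does not guarantee that `$_POST['command']` is set; `if (isset($_POST['command'])) {` is the tighter check.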