# «.webshell» (to "webshell") # «.webshell-old» (to "webshell-old") # «.phpnuke» (to "phpnuke") # (find-phpdocpage "tutorial") # (find-phpfuncpage "phpinfo") # (find-phpfuncpage "require") ##### # # ? # 2004sep24 # ##### # # (ee-once (eeb-php)) echo getcwd(), "\n"; # # (ee-once (eeb-php)) echo system("set"), "\n"; # # (ee-once (eeb-php)) echo $_SERVER['REMOTE_ADDR'], "\n"; # # (ee-once (eeb-php)) $ip = $_SERVER['REMOTE_ADDR']; $goodip = "127.0.0.1"; if ($ip != $goodip) { echo "$ip != $goodip\n"; exit; } echo "ok\n"; # # (ee-once (eeb-php+)) # (find-phpdocpage "index") phpinfo(); # # (ee-once (eeb-php)) # (find-phplangpage "types.array") $arr = array("foo" => "bar", 12 => true); echo $arr["foo"], "\n"; // bar echo $arr[12], "\n"; // 1 # # (find-phpdocpage "index") # (find-phplangpage "variables.external") # (find-phpfuncpage "import-request-variables") ##### # # webshell # 2004sep24 # ##### # «webshell» (to ".webshell") # sudo touch /var/www/tmp.php sudo chmod 666 /var/www/tmp.php # cat > /var/www/tmp.php <<'%%%'
echo $result ?>} ?> %%% lynx http://127.0.0.1/tmp.php # sudo rm /var/www/tmp.php # ##### # # To run shell commands in machines that allow only php # 2000aug02 # ##### # «webshell-old» (to ".webshell-old") # (find-fline "~/PHP3/tarstuff.php3") # cat > /var/www/tmp.php3 <<'---' include ("/home/root/PHP3/functions.php3"); // error_reporting(1+12+48); function v($s) { return htmlspecialchars($s); } function p($s) { return htmlspecialchars($s); } if (!$pwd) $pwd = posix_getcwd(); echo "
\n";
// Main body of the test page: change into $pwd, optionally run $cmd there
// through a shell, and print the escaped output.
//
// $pwd and $cmd are read as plain globals; the sample requests in this file
// pass them as the query parameters "pwd" and "cmd", so both are
// request-controlled text.  Nothing in this block authenticates the caller or
// restricts what $cmd may contain: whoever can reach the URL gets command
// execution with the web server's privileges.  Only place a file like this on
// a host that is not reachable by others, and remove it afterwards.
//
// The leading @ silences PHP's own warning so that only the message below is
// shown when the directory cannot be entered.
if (!@chdir($pwd)) {
// NOTE(review): $pwd is echoed here without going through p(), unlike the
// command output further down, so request text is reflected unescaped.
echo "no such dir: $pwd\n";
} else {
if ($cmd) {
// Header for the output: the directory and the command exactly as requested.
$s = "# $pwd\n# $cmd\n\n";
$arr = array();
// Wrap the requested command: export EE (path of ee.sh next to this script),
// define the alias ee, then run the command in a subshell with stderr merged
// into stdout so that error text is captured as well.
// NOTE(review): $EE sits inside a double-quoted PHP string, so PHP rather
// than the shell expands it; no PHP variable of that name is visible here.
// Confirm the alias text is what was intended.
$cmd = "export EE=" . dirname($SCRIPT_FILENAME) . "/ee.sh; " .
"alias ee='. $EE'; " .
"($cmd) 2>&1";
// exec() hands the string to a shell; output lines land in $arr and the exit
// status in $exitcode.
exec($cmd, $arr, $exitcode);
$s .= join("\n", $arr) . "\n";
// A non-zero exit status is reported as an extra "# exitcode" line.
if ($exitcode)
$s .= "\n# exitcode = $exitcode\n";
// p() is htmlspecialchars(), so command output cannot inject markup into the
// response.
echo p($s);
}
}
// Final newline, printed whether or not a command was run.
echo "\n";
?>
---
# Exercise the page written above.  Every request goes to 127.0.0.1, so the
# tests themselves never leave the local machine.  Because these are GET
# requests, the directory and command text end up in the web server's access
# log as query parameters; that log is also where a defender would look for
# use of a page like this.
# NOTE(review): unlike the tmp.php section earlier in this file, no removal
# step for /var/www/tmp.php3 is visible here.  Delete the file when the
# session ends so the endpoint does not stay reachable.
#
# No parameters: the script falls back to its own working directory and runs
# nothing.
wget -q -O - 'http://127.0.0.1/tmp.php3'
# Directory only.
wget -q -O - 'http://127.0.0.1/tmp.php3?pwd=/home'
# Directory plus a command ("+" is a URL-encoded space).
wget -q -O - 'http://127.0.0.1/tmp.php3?pwd=/home&cmd=echo+hello'
# Command list ending in "false": exercises the "# exitcode" line.
wget -q -O - 'http://127.0.0.1/tmp.php3?pwd=/home&cmd=ls;false'
# Presumably a non-existent directory, to exercise the "no such dir" branch.
wget -q -O - 'http://127.0.0.1/tmp.php3?pwd=/naaa'
# Same page viewed interactively.
lynx http://127.0.0.1/tmp.php3
#
# Local Variables:
# coding: raw-text-unix
# ee-delimiter-hash: "\n#\n"
# ee-anchor-format: "«%s»"
# End: