PHP
Last updated
Was this helpful?
Last updated
Was this helpful?
Was this helpful?
Functions that might be vulnerable if you control the data (): file_get_contents
, readfile
, finfo->file
, getimagesize
, md5_file
, sha1_file
, hash_file
, file
, parse_ini_file
, copy
, file_put_contents (only target read only with this)
, stream_get_contents
fgets
fread
fgetc
fgetcsv
fpassthru
fputs
UpDown
Vessel (Single / Double quote confusion + PHP file write)
.php, .php2, .php3, .php4, .php5, .php6, .php7, .phps, .phps
.pht, .phtm, .phtml, .pgif, .shtml, .htaccess, .phar, .inc
$ cat info.phar
<?php phpinfo(); ?>
exec - Returns last line of commands output
passthru - Passes commands output directly to the browser
system - Passes commands output directly to the browser and returns last line
shell_exec - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen - Opens read or write pipe to process of a command
proc_open - Similar to popen() but greater degree of control
pcntl_exec - Executes a program
assert() - identical to eval()
preg_replace('/.*/e',...) - /e does an eval() on the match
create_function()
include()
include_once()
require()