关注网络安全,网络安全文章,网络资源工具,网络安全技术,网络安全知识,互联网安全知识,原创网络安全博客————————(信息安全工程师/程序员/渗透测试小能手)@YIXUN

PHP调用外部程序集成web

PHP YIXUN 5518℃ 0评论

php调用系统命令

根据官网给出的解释 http://php.net/exec ,有以下函数和解释

  • escapeshellarg — Escape a string to be used as a shell argument
  • escapeshellcmd — Escape shell metacharacters
  • exec — Execute an external program
  • passthru — Execute an external program and display raw output
  • proc_close — Close a process opened by proc_open and return the exit code of that process
  • proc_get_status — Get information about a process opened by proc_open
  • proc_nice — Change the priority of the current process
  • proc_open — Execute a command and open file pointers for input/output
  • proc_terminate — Kills a process opened by proc_open
  • shell_exec — Execute command via shell and return the complete output as a string
  • system — Execute an external program and display the output

这些函数在php代码审计的过程中也是非常要注意的,不过权限越大越方便。

Autosqlmap

为了使Autosqlmap更加的简单化,我把php调到了管理员权限,并将命令执行代码写入config.php

 

if(@$_GET['action']=='check'){
    $permission=shell_exec("whoami");
	echo $permission;
    die();
}
if(@$_GET['action']=='start'){
	pclose(popen("start.bat", 'r'));
	header("Location:./config.php");
    die();
}
if(@$_GET['action']=='stop'){
    pclose(popen("taskkill /f /im python.exe", 'r'));
	pclose(popen("taskkill /f /im cmd.exe", 'r'));
	header("Location:./config.php");
    die();
}
if(@$_GET['action']=='startspider'){
	pclose(popen("run_autosqlmap.bat", 'r'));
	header("Location:./config.php");
	echo $permission;
    die();
}
if(@$_GET['action']=='stopspider'){
    pclose(popen("taskkill /f /im python.exe", 'r'));
	pclose(popen("taskkill /f /im cmd.exe", 'r'));
	header("Location:./config.php");
    die();
}

UI界面为这样

20161111135846

 

这样就可以在WEBUI界面下操控Autosqlmap了

转载请注明出处:http://www.xunblog.com/50

本站部分内容来自网络,如有侵权,请联系我们进行处理,转载本站文章请注明出处!
喜欢 (0)
发表我的评论
取消评论
表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)