PHP调用外部程序集成web

php调用系统命令

根据官网给出的解释 http://php.net/exec ,有以下函数和解释

  • escapeshellarg — Escape a string to be used as a shell argument
  • escapeshellcmd — Escape shell metacharacters
  • exec — Execute an external program
  • passthru — Execute an external program and display raw output
  • proc_close — Close a process opened by proc_open and return the exit code of that process
  • proc_get_status — Get information about a process opened by proc_open
  • proc_nice — Change the priority of the current process
  • proc_open — Execute a command and open file pointers for input/output
  • proc_terminate — Kills a process opened by proc_open
  • shell_exec — Execute command via shell and return the complete output as a string
  • system — Execute an external program and display the output

这些函数在php代码审计的过程中也是非常要注意的,不过权限越大越方便。

Autosqlmap

为了使Autosqlmap更加的简单化,我把php调到了管理员权限,并将命令执行代码写入config.php

 

if(@$_GET['action']=='check'){
    $permission=shell_exec("whoami");
	echo $permission;
    die();
}
if(@$_GET['action']=='start'){
	pclose(popen("start.bat", 'r'));
	header("Location:./config.php");
    die();
}
if(@$_GET['action']=='stop'){
    pclose(popen("taskkill /f /im python.exe", 'r'));
	pclose(popen("taskkill /f /im cmd.exe", 'r'));
	header("Location:./config.php");
    die();
}
if(@$_GET['action']=='startspider'){
	pclose(popen("run_autosqlmap.bat", 'r'));
	header("Location:./config.php");
	echo $permission;
    die();
}
if(@$_GET['action']=='stopspider'){
    pclose(popen("taskkill /f /im python.exe", 'r'));
	pclose(popen("taskkill /f /im cmd.exe", 'r'));
	header("Location:./config.php");
    die();
}

UI界面为这样

《PHP调用外部程序集成web》

 

这样就可以在WEBUI界面下操控Autosqlmap了

点赞

发表评论

电子邮件地址不会被公开。 必填项已用*标注