PHP uses exec shell command injection method to explain_PHP tutorial

Using system commands is a dangerous operation, especially if you are trying to use remote data to construct the command to be executed. If contaminated data is used, command injection vulnerabilities arise.
exec() is a function used to execute shell commands. It returns execution and returns the last line of the command's output, but you can specify an array as the second argument so that each line of output will be stored as an element in the array. The usage is as follows:

Copy the code The code is as follows:

$last = exec('ls ', $output, $return);
print_r($output);
echo "Return [$return]";
?>

Assume that the ls command is in the shell When running manually, the following output will be produced:

Copy the code The code is as follows:

$ ls
total 0
-rw-rw-r-- 1 chris chris 0 May 21 12:34 php-security
-rw-rw-r-- 1 chris chris 0 May 21 12:34 chris-shiflett

When run in exec() through the method of the above example, the output result is as follows:

Copy the code The code is as follows:

Array
(
[0] => total 0
[1] => -rw-rw-r-- 1 chris chris 0 May 21 12:34 php-security
[2] => -rw-rw-r-- 1 chris chris 0 May 21 12:34 chris-shiflett
)
Return [0]

This kind of operation The shell command method is convenient and useful, but this convenience brings you significant risks. If the contaminated data is used to construct a command string, the attacker can execute arbitrary commands.
I suggest you avoid using shell commands if possible. If you really need to use them, make sure to filter the data used to construct the command string and escape the output:

Copy code The code is as follows:

$clean = array();
$shell = array();
/* Filter Input ($command, $argument) */
$shell['command'] = escapeshellcmd($clean['command']);
$shell['argument'] = escapeshellarg( $clean['argument']);
$last = exec("{$shell['command']} {$shell['argument']}", $output, $return);
?> ;

Although there are many ways to execute shell commands, it is important to insist that only filtered and escaped data is allowed when constructing the string to be executed. Other similar functions to note are passthru( ), popen( ), shell_exec( ), and system( ). Again, I recommend avoiding the use of all shell commands if possible.

http://www.bkjia.com/PHPjc/825134.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/825134.htmlTechArticleUsing system commands is a dangerous operation, especially when you try to use remote data to construct the command to be executed. Even more so. If contaminated data is used, command injection vulnerabilities will occur...