LOW#
// Low level: the submitted value goes into the shell command with no
// filtering at all, so this is a textbook OS command injection sink.
if (isset($_POST['Submit'])) {
    // The form is detected through $_POST, but the value is read from
    // $_REQUEST, so 'ip' may also arrive via the query string (and, depending
    // on request_order, a cookie).
    $target = $_REQUEST['ip'];

    // Author's notes (translated):
    //   - Nothing is filtered; the code simply runs `ping $param`.
    //   - All sorts of odd command combinations can therefore be run,
    //     e.g. the input `localhost && ls`.
    //
    // Review note: the shell parses the whole concatenated string, so any
    // shell metacharacter in $target changes what gets executed. The robust fix
    // is to accept only a validated address (for example
    // filter_var($target, FILTER_VALIDATE_IP)) and to quote the argument with
    // escapeshellarg() before it reaches shell_exec().

    // Pick the ping syntax for the host OS (Windows vs. *nix) and run it.
    $cmd = shell_exec(
        (stristr(php_uname('s'), 'Windows NT') ? 'ping ' : 'ping -c 4 ') . $target
    );

    // Feedback for the end user. The command output is written into the page
    // without htmlspecialchars(), so it is not HTML-escaped.
    echo "<pre>{$cmd}</pre>";
}
Medium#
// Medium level: a two-entry deny-list is applied before the value is
// concatenated into the shell command. The sink itself is unchanged.
if (isset($_POST['Submit'])) {
    // The form is detected through $_POST, but the value is read from
    // $_REQUEST, so 'ip' is not restricted to the POST body.
    $target = $_REQUEST['ip'];

    // Deny-list ("blacklist"-style filtering): each key is replaced by ''.
    $substitutions = [
        '&&' => '',
        ';'  => '',
    ];

    // Author's notes (translated):
    //   - The filtering is not rigorous.
    //   - Use `localHost &&& ls`,
    //   - or a pipe? (Linux): `localhost | ls`
    //
    // Review note: str_replace() removes each entry in one left-to-right pass
    // and does not re-scan its own output, so text that only forms after a
    // removal is left in place; every metacharacter that is not listed passes
    // through untouched. A deny-list is not a sound control here: validate the
    // value as an address (for example filter_var($target, FILTER_VALIDATE_IP))
    // and quote it with escapeshellarg() instead.

    // Remove any of the character sequences in the array (deny-list).
    $target = str_replace(array_keys($substitutions), array_values($substitutions), $target);

    // Pick the ping syntax for the host OS (Windows vs. *nix) and run it.
    $cmd = shell_exec(
        (stristr(php_uname('s'), 'Windows NT') ? 'ping ' : 'ping -c 4 ') . $target
    );

    // Feedback for the end user. The command output is written into the page
    // without htmlspecialchars(), so it is not HTML-escaped.
    echo "<pre>{$cmd}</pre>";
}
High#
// High level: the input is trimmed and a longer deny-list is applied, but
// the value is still concatenated into a shell command line.
if (isset($_POST['Submit'])) {
    // The form is detected through $_POST, but the value is read from
    // $_REQUEST; trim() only strips leading and trailing whitespace.
    $target = trim($_REQUEST['ip']);

    // Author's note (translated): the filtering is more aggressive now.
    // Deny-list: each key is replaced by ''.
    $substitutions = [
        '&'  => '',
        ';'  => '',
        '| ' => '',
        '-'  => '',
        '$'  => '',
        '('  => '',
        ')'  => '',
        '`'  => '',
        '||' => '',
    ];

    // Author's notes (translated):
    //   - However, the filter is applied only once.
    //   - `localhost ||||`
    //
    // Review note: the entries are applied in the order listed, one pass each,
    // and they are spelling-sensitive: '| ' carries a trailing space, so it
    // is narrower than a bare '|' entry would be. Extending the list does not
    // make the approach sound; validate the value as an address (for example
    // filter_var($target, FILTER_VALIDATE_IP)) and quote it with
    // escapeshellarg() before it reaches shell_exec().

    // Remove any of the character sequences in the array (deny-list).
    $target = str_replace(array_keys($substitutions), array_values($substitutions), $target);

    // Pick the ping syntax for the host OS (Windows vs. *nix) and run it.
    $cmd = shell_exec(
        (stristr(php_uname('s'), 'Windows NT') ? 'ping ' : 'ping -c 4 ') . $target
    );

    // Feedback for the end user. The command output is written into the page
    // without htmlspecialchars(), so it is not HTML-escaped.
    echo "<pre>{$cmd}</pre>";
}