🔐Blog of OsandaSecurity Researching and Reverse Engineering pentesting

PHP Feature or 0day?

Today one of my friends @RakeshMane10 gave me a challenge which I found pretty interesting.

[code language=”php”]
<?php
ini_set(‘error_displays’, 0);
$ip = htmlspecialchars($_GET[‘url’], ENT_QUOTES);
$f = fsockopen($ip, 80, $errno, $errstr, 5);
if($f) {
$result = shell_exec(‘ping -c 1 ‘ . $ip);
echo ‘<div class="alert alert-success">’ . nl2br($result) . ‘</div>’;
} else {
echo ‘<div class="alert alert-danger">’ .$errstr . ‘</div>’;
}
?>
[/code]
(more…)

Dynamic Function Injection in PHP

In PHP we can pass arguments to a function dynamically during runtime. For example have look at this example.

View post on imgur.com

I have used call_user_func_array() to pass the arguments to the function. The syntax would be:
[code language=”php”]
call_user_func_array(function, param_arr)
[/code]
Since I have used $_GET we can pass the function and its arguments during runtime.

http://localhost/?func=user&args[]=Osanda&args[]=secret&args[]=abc@abc.com

(more…)


TRANSLATE

Share this:

Share this: