Remote code execution

PHP provides different functions which when called allow shell command execution on the server.

The following table contains a list of functions which are used for shell command execution:

Name

Functionality

system

Executes a command and returns its output

shell_exec

Executes a command and displays the output immediately

passthru

Executes a command and displays the raw output

backtick operator (``)

Executes contents inside the backtick as a shell command

popen

Executes a command and returns a pointer

exec

Executes a command and returns the last line of the output

pcntl_exec

Executes a command or a program

proc_open

Similar to popen()

In the following code, Let us use the passthru() function and create a simple one-liner shell, which ...

Get Mastering Modern Web Penetration Testing now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.