Remote code execution

PHP provides several functions that, when called, execute shell commands on the server.

The following table contains a list of functions which are used for shell command execution:

| Name | Functionality |
|------|---------------|
| system | Executes a command and returns its output |
| shell_exec | Executes a command and displays the output immediately |
| passthru | Executes a command and displays the raw output |
| backtick operator (``) | Executes contents inside the backtick as a shell command |
| popen | Executes a command and returns a pointer |
| exec | Executes a command and returns the last line of the output |
| pcntl_exec | Executes a command or a program |
| proc_open | Similar to popen() |
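When reviewing a PHP code base, the functions in this table are the sinks to audit. The following scanner is an added example, not code from the book: it reports every call to one of them, plus the backtick operator, while skipping comments, string literals, method calls such as `$pdo->exec()` and look-alike names such as `curl_exec()`. The name `find_exec_sinks` and the sample source are constructed for illustration, and the regex is an approximation of PHP's lexer (heredocs and calls through a variable name are not covered).

```python
import re

# One pass over the source: comments and string literals are consumed first so
# that function names inside them are never reported. PHP function names are
# case-insensitive, hence IGNORECASE.
TOKEN = re.compile(r"""
    (?P<comment>//[^\n]*|\#[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")
  | (?P<backtick>`(?:\\.|[^`\\])*`)
  | (?<![\w$>:\\])\\?(?P<func>system|shell_exec|passthru|popen|exec|pcntl_exec|proc_open)\s*\(
""", re.VERBOSE | re.DOTALL | re.IGNORECASE)


def find_exec_sinks(source):
    """Return (line_number, sink_name) for each command-execution sink."""
    hits = []
    for m in TOKEN.finditer(source):
        if m.group("backtick"):
            sink = "backtick"
        elif m.group("func"):
            sink = m.group("func").lower()
        else:
            continue  # comment or string literal: nothing to report
        line = source.count("\n", 0, m.start()) + 1
        hits.append((line, sink))
    return hits


# Constructed sample input, not taken from any real application.
SAMPLE = r'''<?php
// system("id") in a comment is not a call
$msg = "call exec() later";
$pdo->exec("DELETE FROM t");
$r = curl_exec($ch);
PassThru($tool);
$out = `uptime`;
$h = \proc_open($cmd, $spec, $pipes);
'''

if __name__ == "__main__":
    for line, sink in find_exec_sinks(SAMPLE):
        print(f"line {line}: {sink}")
```

Each hit is a place to check whether attacker-influenced data can reach the command string; functions the application never needs can also be listed in the `disable_functions` directive in php.ini.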

In the following code, let us use the passthru() function and create a simple one-liner shell, which ...
