新手入门,用来记一些笔记,大佬别喷。下面记录几个PHP里面可以执行系统命令的函数。
system()
<?php
$a = $_GET['cmd'];
system($a);
?>
![](https://upload-images.jianshu.io/upload_images/14656221-2a1ce20e6ee72309.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
exec()
<?php
$a = $_GET['cmd'];
echo exec($a);
?>
![](https://upload-images.jianshu.io/upload_images/14656221-f3e3163c58a16ab1.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
passthru()
<?php
$a = $_GET['cmd'];
passthru($a);
?>
![](https://upload-images.jianshu.io/upload_images/14656221-4c63f71d805f974a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
shell_exec()
<?php
$a = $_GET['cmd'];
echo shell_exec($a);
?>
![](https://upload-images.jianshu.io/upload_images/14656221-e51a162faedacedf.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
``反引号
<?php
$a = $_GET['cmd'];
echo `$a`;
?>
![](https://upload-images.jianshu.io/upload_images/14656221-ec597c42fafa81ae.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
下面是一些代码执行的函数。
eval()
<?php
if(isset($_GET['cmd'])){
$a = $_GET['cmd'];
eval("$a=$a;");
}
?>
![](https://upload-images.jianshu.io/upload_images/14656221-9cf822cc480b0209.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
assert()
<?php
if(isset($_GET['cmd'])){
$a = $_GET['cmd'];
assert("$a=$a;");
}
?>
![](https://upload-images.jianshu.io/upload_images/14656221-544d494431f87010.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)