The Way to Programming
The Way to Programming
I have the following code:
So if i entered this url:
http://localhost/?function=phpinfo
I will see the phpinfo function output on the screen.
can i have a way to concatenate 2 function in the url like this example:
http://localhost/?function=shell_exec('ls') AND phpinfo
So i want to see the first function output..
If you may asking why i need this, is because i am pen testing an web application with this situation.
that looks very dangerous. you can pass a string separated with semicolon for each function, like:
http://localhost/?function=shell_exec('ls');phpinfo
then:
if(isset($_GET['function'])){ $functions = explode(';',$_GET['function']); foreach($functions as $function){ $function(); } }
or you can use eval function:
http://localhost/?function=eval("shell_exec('ls');phpinfo();")
Sign in to your account