Dangerous Functions

rce

PHP Eval #

Sample usage:

```php
eval('$x = (5-1);');
echo($x); // outputs 4
```

Malicious usage:

```php
eval('echo exec(\'whoami\');');
eval('echo exec(\'ls -l /home/alice\');');
```

Other PHP Functions #

- exec
- shell_exec
- system
- passthru
- popen

Useful Configurations #

`open_basedir` restricts the files PHP may open to the listed directory tree, pinning the process to a specific directory.

Commands #

```shell
# check which dangerous functions are exposed
python2 ~/data/tools/dfunc-bypasser.py --url http://htb/utility-scripts/info.php
```
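The tool above queries a live `info.php`; the same question can be answered offline from a `php.ini`. The following is an added example, not part of this page or of dfunc-bypasser: a small, hypothetical Python audit that parses the `disable_functions` and `open_basedir` directives and reports which of the functions listed above remain callable. Both `.ini` fragments are constructed for the example; the weak one mirrors an unrestricted default, the hardened one disables the command-execution functions and pins file access to a web root.

```python
"""Offline audit of php.ini for the dangerous functions listed on this page.

Hypothetical helper written for this page (not dfunc-bypasser and not PHP's
own tooling). It parses simple `key = value` directives and reports which
command-execution functions are still enabled and whether open_basedir is set.
"""

# Functions named on this page. eval is a language construct, not a function,
# so disable_functions cannot block it; it is reported separately below.
DANGEROUS_FUNCTIONS = ("exec", "shell_exec", "system", "passthru", "popen")

# Constructed example: nothing restricted (close to a stock php.ini)
WEAK_INI = """
; constructed example, unrestricted
disable_functions =
;open_basedir =
"""

# Constructed example: command execution disabled, file access pinned
HARDENED_INI = """
; constructed example, hardened
disable_functions = exec,shell_exec,system,passthru,popen,proc_open
open_basedir = /var/www/html:/tmp
"""


def parse_ini(text):
    """Return {directive: value} for `key = value` lines; ';' starts a comment."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def disabled_functions(settings):
    """disable_functions is a comma-separated list; normalise to a set."""
    raw = settings.get("disable_functions", "")
    return {name.strip().lower() for name in raw.split(",") if name.strip()}


def audit(text):
    """Report which dangerous functions remain enabled and the open_basedir value."""
    settings = parse_ini(text)
    disabled = disabled_functions(settings)
    return {
        "still_enabled": [f for f in DANGEROUS_FUNCTIONS if f not in disabled],
        "open_basedir": settings.get("open_basedir") or None,
        "eval_note": "eval is a language construct; disable_functions cannot block it",
    }


if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        result = audit(ini)
        print(f"[{label}] still enabled: {result['still_enabled'] or 'none'}")
        print(f"[{label}] open_basedir: {result['open_basedir'] or 'not set'}")
        print(f"[{label}] note: {result['eval_note']}")
```

The audit deliberately treats `eval` separately: `disable_functions` only covers real functions, so blocking `eval` means not passing attacker-influenced strings to it in application code rather than relying on `php.ini`. Note also that `open_basedir` limits file access only; it does nothing to stop `exec` and friends, which is why both directives belong together.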

References #