Dangerous Functions
PHP Eval #
Sample usage:
eval('$x = (5-1);');
echo($x); // outputs 4
Malicious usage:
eval('echo exec(\'whoami\');');                 // string is executed as PHP, which in turn spawns a shell command
eval('echo exec(\'ls -l /home/alice\');');      // same mechanism with attacker-controlled arguments
Other PHP Functions #
exec
shell_exec
system
passthru
popen
Useful Configurations #
# restricts the files PHP may open to the listed directory tree
open_basedir
Commands #
# checks which dangerous functions are exposed by the target's PHP configuration
python2 ~/data/tools/dfunc-bypasser.py --url http://htb/utility-scripts/info.php
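An added hardening check for the two sections above (configuration and exposed functions); it is not part of the original notes or of dfunc-bypasser. It parses a php.ini fragment (the sample text is constructed), reports which of the page's shell-spawning functions are still outside disable_functions, and whether open_basedir is set. Note that eval is a language construct, not a function, so disable_functions cannot block it.

```python
"""Audit a php.ini fragment against the dangerous functions listed on this page."""

# Shell-spawning functions from the page's list.
DANGEROUS_FUNCTIONS = ("exec", "shell_exec", "system", "passthru", "popen")

# Constructed sample: only some functions are disabled and open_basedir is commented out.
SAMPLE_INI = """
; constructed php.ini fragment for the audit example
[PHP]
disable_functions = exec,shell_exec , system
; open_basedir =
"""


def parse_ini(text):
    """Return {key: value} for uncommented 'key = value' lines; sections and comments are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "#", "[")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def audit(ini_text):
    """Report page-listed functions not covered by disable_functions and the open_basedir state."""
    settings = parse_ini(ini_text)
    disabled = {f.strip() for f in settings.get("disable_functions", "").split(",") if f.strip()}
    still_enabled = [f for f in DANGEROUS_FUNCTIONS if f not in disabled]
    return {
        "still_enabled": still_enabled,
        "open_basedir_set": bool(settings.get("open_basedir")),
        # eval is a language construct: disable_functions never covers it.
        "eval_blocked_by_disable_functions": False,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_INI))
```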