Using system commands is a risky operation, especially if you are trying to use remote data to construct a command to execute. If the contaminated data is used, the command injection vulnerability arises.
EXEC () is a function used to execute a shell command. It returns execution and returns the last line of the command output, but you can specify an array as the second argument so that each row of the output is stored as an element in an array. The use of the following methods:
Copy Code code as follows:
<?php
$last = exec (' ls ', $output, $return);
Print_r ($output);
echo "return [$return]";
?>
Assuming that the LS command is run manually in the shell, it produces the following output:
Copy Code code as follows:
$ ls
Total 0
-rw-rw-r--1 Chris Chris 0 may 12:34 Php-security
-rw-rw-r--1 Chris Chris 0 may 12:34 Chris-shiflett
When run in exec () by the method in the example above, the output is as follows:
Copy Code code as follows:
Array
(
[0] => Total 0
[1] =>-rw-rw-r--1 Chris Chris 0 may 12:34 Php-security
[2] =>-rw-rw-r--1 Chris Chris 0 may 12:34 Chris-shiflett
)
return [0]
This method of running the shell command is convenient and useful, but this convenience poses a significant risk to you. If the contaminated data is used to construct the command string, the attacker can execute arbitrary commands.
I suggest that you, if possible, avoid using shell commands, and if you do, make sure that you filter the data that constructs the command string and that you must escape the output:
Copy Code code as follows:
<?php
$clean = Array ();
$shell = Array ();
/* Filter Input ($command, $argument) * *
$shell [' command '] = Escapeshellcmd ($clean [' Command ']);
$shell [' argument '] = Escapeshellarg ($clean [' argument ']);
$last = Exec ("{$shell [' command ']} {$shell [' argument ']}", $output, $return);
?>
Although there are several ways to execute shell commands, it is important to insist that only filtered and escaped data is allowed to be used when constructing the string being run. Other similar functions that need to be noted are PassThru (), Popen (), Shell_exec (), and System (). I once again reiterate that it is advisable to avoid the use of all shell commands if possible.