Executing system commands is dangerous, especially when remote data is used to construct the command you want to run. If tainted data reaches the command string, the result is a command injection vulnerability.
exec() is a function for executing shell commands. Its return value is the last line of the command's output; if you pass an array as the second parameter, every line of output is stored in that array as a separate element, and a third parameter receives the command's exit status. It is used as follows:
<?php
$last = exec('ls', $output, $return);
print_r($output);
echo "Return [$return]";
?>
Assuming that the ls command is manually run in the shell, the following output will be produced:
$ ls
total 0
-rw-rw-r-- 1 chris chris 0 May 21 12:34 php-security
-rw-rw-r-- 1 chris chris 0 May 21 12:34 chris-shiflett
When the same command is run through exec() as in the example above, the output is as follows:
Array
(
[0] => total 0
[1] => -rw-rw-r-- 1 chris chris 0 May 21 12:34 php-security
[2] => -rw-rw-r-- 1 chris chris 0 May 21 12:34 chris-shiflett
)
Return [0]
This way of running shell commands is convenient and useful, but the convenience brings significant risk: if the command string is constructed from tainted data, an attacker can execute arbitrary commands.
I suggest that you avoid shell commands altogether if possible. If you must use them, make sure you filter the data used to construct the command string, and also escape that data on output to the shell:
<?php
$clean = array();
$shell = array();
/* Filter Input: validate the raw values and store only approved values in $clean['command'] and $clean['argument'] */
$shell['command'] = escapeshellcmd($clean['command']);
$shell['argument'] = escapeshellarg($clean['argument']);
$last = exec("{$shell['command']} {$shell['argument']}", $output, $return);
?>
Although there are several ways to execute shell commands, the principle is the same for all of them: only filtered and escaped data may be used when constructing the string that is run. Other functions that deserve the same attention include passthru(), popen(), shell_exec(), and system(). I reiterate that it is best to avoid shell commands entirely whenever possible.
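The following is an added example, not code from the original article: it fills in the "Filter Input" step that the article leaves to the reader, using a whitelist of permitted commands and a strict filename pattern for the argument, and then applies escapeshellcmd() and escapeshellarg() exactly as the article does before calling exec(). The whitelist, the filename pattern and the sample requests are all assumptions constructed for this example; they stand in for values that would normally arrive in $_GET or $_POST.

```php
<?php
// Added example (not part of the original article): whitelist-based filtering
// of $clean['command'] and $clean['argument'], followed by escaping for the shell.
// The allowed commands and the filename pattern below are assumptions chosen
// for illustration; adapt them to the commands your application really needs.

// The only values $clean['command'] may ever take (assumed whitelist).
$allowedCommands = array('ls', 'wc', 'head');

// Returns the filtered command, or null when the value is not on the whitelist.
function filterCommand($raw, array $allowed)
{
    return (is_string($raw) && in_array($raw, $allowed, true)) ? $raw : null;
}

// Returns the filtered argument, or null. Only a plain filename is accepted:
// letters, digits, dot, dash and underscore; no path separators, no leading dot.
function filterArgument($raw)
{
    if (!is_string($raw) || !preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]{0,254}$/', $raw)) {
        return null;
    }
    return $raw;
}

// Builds the command string from filtered data, escaping it on the way to the shell
// (the same two escaping calls the article shows).
function buildCommand($cleanCommand, $cleanArgument)
{
    $shell = array();
    $shell['command']  = escapeshellcmd($cleanCommand);
    $shell['argument'] = escapeshellarg($cleanArgument);
    return "{$shell['command']} {$shell['argument']}";
}

// Constructed sample requests: one benign, two that must be rejected by the filter.
$requests = array(
    array('command' => 'ls', 'argument' => 'php-security'),
    array('command' => 'ls', 'argument' => 'php-security; echo tainted'),
    array('command' => 'cat /etc/passwd', 'argument' => 'x'),
);

foreach ($requests as $request) {
    $clean = array();
    $clean['command']  = filterCommand($request['command'], $allowedCommands);
    $clean['argument'] = filterArgument($request['argument']);

    if ($clean['command'] === null || $clean['argument'] === null) {
        // Rejected input is never combined into a command string at all.
        echo "Rejected: ", json_encode($request), "\n";
        continue;
    }

    $command = buildCommand($clean['command'], $clean['argument']);
    echo "Running: $command\n";
    $last = exec($command, $output, $return);
    echo "Return [$return]\n";
}
?>
```

Of the three sample requests only the first reaches exec(); the second fails the filename pattern and the third is not on the command whitelist. The escaping step is still worth keeping as defence in depth: escapeshellarg() wraps its input in single quotes (escaping any embedded single quotes), so even a value such as `php-security; echo tainted` would be handed to the shell as one literal argument rather than as two commands.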