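<?php
// Runs the ./php_root helper from the temp/ directory and prints the last
// line it writes to stdout (exec() returns only the last line).
//
// Security notes:
//  - The command is a fixed string. Never build it from request data
//    ($_GET, $_POST, headers, ...): anything that reaches this string runs
//    with the helper's privileges.
//  - "&&" instead of ";" makes sure the helper is not started from an
//    unexpected directory when temp/ is missing.
//  - The helper's output is escaped before it is written into the page.
$lines = [];
$status = 0;
$lastLine = exec('cd temp && ./php_root', $lines, $status);

if ($lastLine === false || $status !== 0) {
    // Fail visibly instead of printing an empty page.
    http_response_code(500);
    error_log('php_root helper failed (exit status ' . $status . ')');
    exit;
}

echo htmlspecialchars($lastLine, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Debugging aids, left disabled. phpinfo() prints the full PHP and server
// configuration and should not be enabled on a page others can reach.
// echo shell_exec("whoami");
// phpinfo();
?>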
wrapper.c
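#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Set-uid-root launcher for php_shell.sh.
 *
 * Everything the caller controls is replaced with fixed values before the
 * script runs as root:
 *   - the script is addressed by an absolute path, never "./php_shell.sh",
 *     so the caller's current directory cannot select a different file;
 *   - the working directory is set explicitly, because the script uses
 *     relative paths (rm -rf code, cp 1.png 4.png);
 *   - the environment is replaced, because the script calls its commands by
 *     bare name and would otherwise resolve them through the caller's PATH;
 *   - the shell is started with execve() instead of system(), so no command
 *     string is parsed under the inherited environment.
 *
 * HELPER_DIR is a placeholder: set it to the absolute path of the directory
 * that holds php_shell.sh before building (or pass -DHELPER_DIR='"..."').
 * Until it is set, chdir() fails and nothing is executed. That directory and
 * the script must be writable by root only.
 */
#ifndef HELPER_DIR
#define HELPER_DIR "/REPLACE/WITH/ABSOLUTE/PATH/TO/HELPER/DIR" /* placeholder */
#endif
#define SCRIPT_PATH HELPER_DIR "/php_shell.sh"

int main (int argc, char *argv[])
{
    /* The only environment the script sees. */
    static char *const clean_env[] = {
        "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
        NULL
    };
    static char *const script_argv[] = { "sh", SCRIPT_PATH, NULL };

    /* Command-line arguments are deliberately ignored. */
    (void) argc;
    (void) argv;

    /* Stop if the privilege change did not happen; do not run the script
     * under an identity it was not written for. */
    if (setuid (0) != 0) {
        perror ("setuid");
        return 1;
    }

    if (chdir (HELPER_DIR) != 0) {
        perror ("chdir");
        return 1;
    }

    /* On success this call does not return; the exit status of the process
     * is then the exit status of the script. */
    execve ("/bin/sh", script_argv, clean_env);
    perror ("execve");
    return 1;
}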
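#!/bin/sh
# Presumably php_shell.sh, the script started by the set-uid wrapper.
# It recreates the "code" directory, runs a pipeline inside it and copies
# 1.png to 4.png. All paths are relative to the directory it is started in.

# Commands below are called by bare name; pin the search path so they cannot
# be resolved through a PATH inherited from the caller.
PATH=/usr/bin:/bin:/usr/sbin:/sbin
export PATH

# sips -s format png 1.png --out 2.png
sudo rm -rf code
mkdir code
# Stop here if the directory could not be entered; otherwise "cd .." and the
# cp below would act on the wrong directories.
cd code || exit 1
# NOTE(review): $! is the PID of the background pipeline; after the 10 s
# sleep that pipeline has probably already exited, so the STOP signal may go
# to no process or to an unrelated one - confirm what this line is meant to do.
sudo yes | ls & (nsPID=$! ; sleep 10 ; kill -STOP $nsPID)
cd ..
cp 1.png 4.png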
並且執行以下指令 設定和編譯程式
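# Make the script root-owned and writable by root only; the wrapper runs it
# as root, so anyone able to modify it (or replace it in a directory they can
# write to) would control what runs as root.
sudo chown root php_shell.sh
sudo chmod u=rwx,go=rx php_shell.sh

# Build the wrapper and make it set-uid root.
sudo gcc wrapper.c -o php_root
sudo chown root php_root
# u+s sets only the set-uid bit. A bare "+s" would also set set-gid, which the
# wrapper does not need.
# Caveat: go=rx lets every local account run the wrapper as root. Where
# possible, give the file the web server's group and remove access for
# "other" instead.
sudo chmod u=rwx,go=rx,u+s php_root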