标签:cut rmi BMI 方法 ping mit == comm 输入
;ls ../../
<?php if( isset( $_POST[ ‘submit‘ ] ) ) { //将ip对应的值复制给target $target = $_REQUEST[ ‘ip‘ ]; if (stristr(php_uname(‘s‘), ‘Windows NT‘)) { //如果是winds就直接ping $cmd = shell_exec( ‘ping ‘ . $target ); echo ‘<pre>‘.$cmd.‘</pre>‘; } else { //如果是Linux就默认ping 3个包 $cmd = shell_exec( ‘ping -c 3 ‘ . $target ); echo ‘<pre>‘.$cmd.‘</pre>‘; } } ?>
|| 或者 &;& 或者 &
就多了一点过滤,但是没过滤完整
<?php if( isset( $_POST[ ‘submit‘] ) ) { $target = $_REQUEST[ ‘ip‘ ]; // 过滤了 &&,;命令分割符 $substitutions = array( ‘&&‘ => ‘‘, ‘;‘ => ‘‘, ); $target = str_replace( array_keys( $substitutions ), $substitutions, $target ); // Determine OS and execute the ping command. if (stristr(php_uname(‘s‘), ‘Windows NT‘)) { $cmd = shell_exec( ‘ping ‘ . $target ); echo ‘<pre>‘.$cmd.‘</pre>‘; } else { $cmd = shell_exec( ‘ping -c 3 ‘ . $target ); echo ‘<pre>‘.$cmd.‘</pre>‘; } } ?>
无能为力了Orz,只有诸如“数字.数字.数字.数字”的输入才会被接收执行.
<?php if( isset( $_POST[ ‘submit‘ ] ) ) { $target = $_REQUEST["ip"]; /* stripslashes() 函数删除由 addslashes() 函数添加的反斜杠。 */ $target = stripslashes( $target ); // Split the IP into 4 octects $octet = explode(".", $target); // Check IF each octet is an integer if ((is_numeric($octet[0])) && (is_numeric($octet[1])) && (is_numeric($octet[2])) && (is_numeric($octet[3])) && (sizeof($octet) == 4) ) { // If all 4 octets are int‘s put the IP back together. $target = $octet[0].‘.‘.$octet[1].‘.‘.$octet[2].‘.‘.$octet[3]; // Determine OS and execute the ping command. if (stristr(php_uname(‘s‘), ‘Windows NT‘)) { $cmd = shell_exec( ‘ping ‘ . $target ); echo ‘<pre>‘.$cmd.‘</pre>‘; } else { $cmd = shell_exec( ‘ping -c 3 ‘ . $target ); echo ‘<pre>‘.$cmd.‘</pre>‘; } } else { echo ‘<pre>ERROR: You have entered an invalid IP</pre>‘; } } ?>
标签:cut rmi BMI 方法 ping mit == comm 输入
原文地址:https://www.cnblogs.com/chrysanthemum/p/11517770.html
