PHPÖÐÖ´ÐÐϵͳÍⲿÃüÁî

PHP×÷ΪһÖÖ·þÎñÆ÷¶ËµÄ½Å±¾ÓïÑÔ£¬Ïó±àд¼òµ¥£¬»òÕßÊǸ´ÔӵĶ¯Ì¬ÍøÒ³ÕâÑùµÄÈÎÎñ£¬ËüÍêÈ«Äܹ»Ê¤ÈΡ£µ«ÊÂÇé²»×ÜÊÇÈç´Ë£¬ÓÐʱΪÁËʵÏÖij¸ö¹¦ÄÜ£¬±ØÐë½èÖúÓÚ
²Ù×÷ϵͳµÄÍⲿ³ÌÐò£¨»òÕß³Æ֮ΪÃüÁ£¬ÕâÑù¿ÉÒÔ×öµ½Ê°빦±¶¡£
¡¡¡¡ÄÇô£¬ÊÇ·ñ¿ÉÒÔÔÚPHP½Å±¾Öе÷ÓÃÍⲿÃüÁîÄØ£¿Èç¹ûÄÜ£¬ÈçºÎÈ¥×öÄØ£¿
ÓÐЩʲô·½ÃæµÄ¹ËÂÇÄØ£¿ÏàÐÅÄã¿´Á˱¾Îĺ󣬿϶¨Äܹ»»Ø´ðÕâЩÎÊÌâÁË¡£
ÊÇ·ñ¿ÉÒÔ£¿
¡¡¡¡´ð°¸Êǿ϶¨µÄ¡£PHPºÍÆäËüµÄ³ÌÐòÉè
¼ÆÓïÑÔÒ»Ñù£¬ÍêÈ«¿ÉÒÔÔÚ³ÌÐòÄÚµ÷ÓÃÍⲿÃüÁ²¢ÇÒÊǺܼòµ¥µÄ£ºÖ»ÒªÓÃÒ»¸ö»ò¼¸¸öº¯Êý¼´¿É¡£
Ç°ÌáÌõ¼þ
¡¡¡¡ÓÉÓÚPHP»ù±¾ÊÇ
ÓÃÓÚWEB³ÌÐò¿ª·¢µÄ£¬ËùÒÔ°²È«ÐÔ³ÉÁËÈËÃÇ¿¼ÂǵÄÒ»¸öÖØÒª·½Ãæ¡£ÓÚÊÇPHPµÄÉè¼ÆÕßÃǸøPHP¼ÓÁËÒ»¸öÃÅ£º°²È«Ä£Ê½¡£Èç¹ûÔËÐÐÔÚ°²È«Ä£Ê½Ï£¬ÄÇôPHP½Å
±¾Öн«Êܵ½ÈçÏÂËĸö·½ÃæµÄÏÞÖÆ£º
Ö´ÐÐÍⲿÃüÁî
ÔÚ´ò¿ªÎļþʱÓÐЩÏÞÖÆ
Á¬½ÓMySQLÊý¾Ý¿â
»ùÓÚHTTPµÄÈÏÖ¤
¡¡
¡¡ÔÚ°²È«Ä£Ê½Ï£¬Ö»ÓÐÔÚÌض¨Ä¿Â¼ÖеÄÍⲿ³ÌÐò²Å¿ÉÒÔ±»Ö´ÐУ¬¶ÔÆäËü³ÌÐòµÄµ÷Óý«±»¾Ü¾ø¡£Õâ¸öĿ¼¿ÉÒÔÔÚphp.iniÎļþÖÐÓÃ
safe_mode_exec_dirÖ¸Á»òÔÚ±àÒëPHPÊǼÓÉÏ--with-exec-dirÑ¡ÏîÀ´Ö¸¶¨£¬Ä¬ÈÏÊÇ/usr/local/php
/bin¡£
Èç¹ûÄãµ÷ÓÃÒ»¸öÓ¦¸Ã¿ÉÒÔÊä³ö½á¹ûµÄÍⲿÃüÁÒâ˼ÊÇPHP½Å±¾Ã»ÓдíÎ󣩣¬µÃµ½µÄÈ´ÊÇһƬ¿Õ°×£¬ÄÇôºÜ¿ÉÄÜÄãµÄÍø¹ÜÒѾ­°Ñ
PHPÔËÐÐÔÚ°²È«Ä£Ê½ÏÂÁË¡£
ÈçºÎ×ö£¿
ÔÚPHPÖе÷ÓÃÍⲿÃüÁ¿ÉÒÔÓÃÈçÏÂÈýÖÖ·½·¨À´ÊµÏÖ£º
1£©
ÓÃPHPÌṩµÄרÃź¯Êý
PHPÌṩ¹²ÁË3¸öרÃŵÄÖ´ÐÐÍⲿÃüÁîµÄº¯Êý£ºsystem()£¬exec()£¬passthru()¡£
system()
Ô­
ÐÍ£ºstring system (string command [, int return_var])
system()º¯ÊýºÜÆäËü
ÓïÑÔÖеIJ¶à£¬ËüÖ´Ðиø¶¨µÄÃüÁÊä³öºÍ·µ»Ø½á¹û¡£µÚ¶þ¸ö²ÎÊýÊÇ¿ÉÑ¡µÄ£¬ÓÃÀ´µÃµ½ÃüÁîÖ´ÐкóµÄ״̬Âë¡£
Àý×Ó£º
<?php
system
(
"/usr/local/bin/webalizer/webalizer"
);
?>
 
exec()
Ô­ÐÍ£ºstring exec (string command [,
string array [, int return_var]])
exec()º¯ÊýÓësystem()ÀàËÆ£¬Ò²Ö´Ðиø¶¨µÄÃüÁµ«²»
Êä³ö½á¹û£¬¶øÊÇ·µ»Ø½á¹ûµÄ×îºóÒ»ÐС£ËäÈ»ËüÖ»·µ»ØÃüÁî½á¹ûµÄ×îºóÒ»ÐУ¬µ«Óõڶþ¸ö²ÎÊýarray¿ÉÒԵõ½ÍêÕûµÄ½á¹û£¬·½·¨Êǰѽá¹ûÖðÐÐ×·¼Óµ½arrayµÄ
½áβ´¦¡£ËùÒÔÈç¹ûarray²»Êǿյģ¬ÔÚµ÷ÓÃ֮ǰ×îºÃÓÃunset()×îËüÇåµô¡£Ö»ÓÐÖ¸¶¨Á˵ڶþ¸ö²ÎÊýʱ£¬²Å¿ÉÒÔÓõÚÈý¸ö²ÎÊý£¬ÓÃÀ´È¡µÃÃüÁîÖ´ÐеÄ״̬
Âë¡£
Àý×Ó£º
<?php
exec
(
"/bin/ls -l"
);
e