jeudi 19 mars 2015

How to concatenate 2 function in php



I have an application with the following code:



<?php

if(isset($_GET['function'])){
$_GET['function']();
}

?>


So if i entered this url: http://localhost/?function=phpinfo


I will see the phpinfo function output on the screen.


can i have a way to concatenate 2 function in the url like this example:


http://localhost/?function=shell_exec('ls') AND phpinfo


So i want to see the first function output..


If you may asking why i need this, is because i am pen testing an web application with this situation..


By the way any suggestion to hack this situation will help.


Thanks for the help..





Aucun commentaire:

Enregistrer un commentaire