昨天测试一个站点,能够上传php小马,也能够在特定的目录里拉大马,但是其他目录没有写权限,而且webshell无法运行,执行结果显示如下:
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in
/usr/xxx/htdocs/xxx/xx.php on line 2
Parse error: parse error, unexpected $ in /usr/xxx/htdocs/xxx/xx.php on line 8
我猜测这里是用了EscapeShellCmd这类命令进行了过滤?请教有什么办法提权或者执行webshell。
服务器信息:
System : FreeBSD chinahosts.net 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Wed Aug
i386
Apache/1.3.33 (Unix) PHP/4.3.11
Zend Engine v1.3.0
HTTP/1.1
CGI/1.1
php config path: /usr/local/Zend/etc/php.ini
--
要向邮件组发送邮件,请发到 ph4nt0m@googlegroups.com
要退订此邮件,请发邮件至 ph4nt0m-unsubscr...@googlegroups.com
