I have a simple cmd.php page to run commands I enter using shell_exec () and show the output.

  • PHP is running as CGI
  • Entering "php -v" and most commands just show "Content-type: text/html" and then the current page's HTML source.
  • However, calling PHP with an invalid parameter (/usr/bin/php -z) shows PHP's usage:

    Usage: php [-q] [-h] [-s] [-v] [-i] [-f ] php [args...]

    etc...

I attached a couple of images to show what I mean.

PHP -v doesn't produce expected output

PHP -z shows PHP's usage

Any ideas?

Edit

cmd.php

<?php

    if ( isset ( $_POST['submit'] ) ) :

        $response = shell_exec ( escapeshellcmd ( stripslashes ( $_POST['cmd'] ) ) );

    endif;

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
    <head>
        <style type="text/css">
            pre#response { border: 1px solid #e0e0e0; padding: .5em; }
        </style>
        <title>Command</title>
    </head>
    <body>
        <form action="cmd.php" method="post">
            <p><input type="text" name="cmd" id="cmd" value="<?php echo @htmlspecialchars ( stripslashes ( $_POST['cmd'] ) ); ?>" size="50" />
            <button type="submit" name="submit" id="submit" value="Submit">Submit</button>
            </p>
        </form>


        <?php
        if ( isset ( $response ) ) :
        ?>

            <pre id="response"><?php

                if ( empty ( $response ) ) :
                    echo 'No response.';
                else :
                    echo htmlspecialchars ( $response );
                endif;
            ?></pre>

        <?php
        endif;
        ?>

    </body>
</html>
+1  A: 

shell_exec() only returns the characters that have been written to the stdout of the executed process, but not stderr. Try redirecting stderr to stdout so that error messages will be stored in $response.

<?php
define('REDIRECT_STDERR', 1);

if ( isset ( $_POST['submit'] ) ) :      
  $cmd = escapeshellcmd ( stripslashes ($_POST['cmd']) );
  if ( defined('REDIRECT_STDERR') && REDIRECT_STDERR ) :
    $cmd .= ' 2>&1';
  endif;
  $response = shell_exec( $cmd );
endif;

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
  <head>
    <style type="text/css">
      pre#response { border: 1px solid #e0e0e0; padding: .5em; }
    </style>
    <title>Command</title>
  </head>
  <body>
    <form action="cmd.php" method="post">
      <p>
        <input type="text" name="cmd" id="cmd" value="<?php echo @htmlspecialchars ( stripslashes ( $_POST['cmd'] ) ); ?>" size="50" />
        <button type="submit" name="submit" id="submit" value="Submit">Submit</button>
      </p>
    </form>


    <?php if ( isset ( $cmd ) ) : ?>
    <fieldset><legend><?php echo htmlspecialchars($cmd); ?></legend>
      <pre id="response"><?php var_dump($response); ?></pre>
    </fieldset>
    <?php endif; ?>
  </body>
</html>
VolkerK
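
The stdout/stderr split described in the answer above, as an added example that is not part of the original answer: it captures the two streams and the exit code separately with proc_open() instead of merging them with 2>&1. The function name run_capture and the sample child command are hypothetical; it assumes PHP 7.4+ run from the CLI on a Unix-like host and takes a fixed argument list, not request data.

```php
<?php
// Added example, not from the original post.
// Runs a fixed argv (no request data) and keeps stdout and stderr apart.
function run_capture(array $argv): array
{
    $spec = [
        0 => ['file', '/dev/null', 'r'], // child gets no stdin
        1 => ['pipe', 'w'],              // child's stdout
        2 => ['pipe', 'w'],              // child's stderr
    ];
    // Array form (PHP 7.4+) starts the program directly, with no shell involved.
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    $open = [1 => $pipes[1], 2 => $pipes[2]];
    $buf  = [1 => '', 2 => ''];
    // Drain both pipes together so a chatty stderr cannot block the child.
    while ($open) {
        $read = array_values($open);
        $write = $except = null;
        if (stream_select($read, $write, $except, 5) === false) {
            break;
        }
        foreach ($read as $stream) {
            $fd = array_search($stream, $open, true);
            $chunk = fread($stream, 8192);
            if ($chunk === false || $chunk === '') {
                // A readable pipe that yields nothing has reached end of file.
                fclose($stream);
                unset($open[$fd]);
            } else {
                $buf[$fd] .= $chunk;
            }
        }
    }
    $exit = proc_close($proc);
    return ['stdout' => $buf[1], 'stderr' => $buf[2], 'exit' => $exit];
}

// Constructed sample: a child that writes to both streams and exits with 3.
$child = 'fwrite(STDOUT, "to stdout\n"); fwrite(STDERR, "to stderr\n"); exit(3);';
var_dump(run_capture([PHP_BINARY, '-r', $child]));
```

Because the argument list is passed as an array, no shell parses it, so neither escapeshellcmd() nor a trailing 2>&1 is needed.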