I have the following PHP code:
if(isset($_GET["href"]) && isset($_GET["name"])) {
exec("cvlc " . $_GET["href"] . " &");
}
The href is definitively a valid URL, and the exec function is also called (I tried via echo). The cvlc command also works fine when I type it into the console; however, once I run it through the browser, it's just loading forever.
The exec command is also working fine, I just tested it.
Edit: The URL I tried to play was http://dradio.de/streaming/dlf.m3u, but I tried a few others too.
Thanks!
Try to run the command with double quotes around the URL:
exec("cvlc \"" . $_GET["href"] . "\" &");
(Also, please note that this code is vulnerable to RCE, so pay attention!)
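Added example, not part of the original posts: one way to build the cvlc command from the request parameter so that the URL reaches the shell as a single literal argument. It also redirects output, because per the PHP manual exec() waits for a background program to finish unless its output is redirected. The function name build_cvlc_command and the example.test inputs are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Build the shell command for cvlc from an untrusted URL, or return null
 * if the URL is rejected. The function name is hypothetical.
 */
function build_cvlc_command(string $href): ?string
{
    // Reject anything that is not syntactically a URL.
    if (filter_var($href, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // FILTER_VALIDATE_URL does not restrict the scheme, so allowlist it.
    $scheme = strtolower((string) parse_url($href, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    // escapeshellarg() single-quotes the value so the shell treats it as one
    // literal argument. Redirecting stdout and stderr is what lets exec()
    // return for a background job; without it PHP waits for cvlc to exit.
    return 'cvlc ' . escapeshellarg($href) . ' > /dev/null 2>&1 &';
}

// Constructed sample inputs; the commands are printed here, not executed.
$samples = [
    'http://dradio.de/streaming/dlf.m3u',     // URL from the question
    'http://example.test/a.m3u; id',          // shell metacharacters
    'http://example.test/$(whoami).m3u',      // command substitution
    'file:///etc/passwd',                     // wrong scheme
];
foreach ($samples as $href) {
    $cmd = build_cvlc_command($href);
    echo str_pad(var_export($href, true), 42), ' => ',
         $cmd === null ? 'REJECTED' : $cmd, PHP_EOL;
}

// In the request handler the call would be:
//   $cmd = build_cvlc_command($_GET['href'] ?? '');
//   if ($cmd !== null) { exec($cmd); } else { http_response_code(400); }
```

Every sample is either rejected or appears in the printed command inside single quotes, so the shell never interprets `;` or `$(...)` from the URL.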
Related
I have been trying to fix a vulnerability where input from a user is passed through to the PHP exec function. The input is sanitized using escapeshellarg but it seems like it still allows code to be injected and executed. I tested this using Burp Suite's Collaborator functionality by doing an nslookup.
I am unable to provide the exact code but below is a pretty close example. Can someone please shed some light why this works?
$input = 'filename$(whoami).pdf';
$cmd = 'rm -rf ' . escapeshellarg($input) . ' 2>&1';
exec($cmd);
So I'm working with PHP to attempt to execute a script I have in the same directory. The script runs fine locally and the permissions for the http-data user are set to be able to execute the script referenced in this block of PHP
$cmd = system('th neural_style.lua -style_image'.' ~/'.$style.'.jpg '.'-content_image '.$content_image.' -gpu 0 -backend cudnn -save_iter 1 -cudnn_autotune -output_image /var/www/html/processed/'.$email.'/out.png 2>&1', $retval);
echo '
</pre>
<hr />Recent output: ' . $last_line . '
<hr />Return value: ' . $retval;
The script should execute fine using the system method from what I understand, I know the variables look messy though this is the error I get from PHP:
sh: th: command not found
I set my default interpreter to bash instead of dash thinking that might be an issue, no dice. Torch is in the same directory, and like I said runs fine as my login.
I know what I'm trying to do in a way is like sacrilege, if there is a better way to run a script that takes 8 minutes roughly to complete using some user input from the web, I want to know. This is just what came natural to me. I'm looking to notify the user when the process is complete with an email anyways so any way of executing it is just dandy.
Edit: any mention of "http-data" was supposed to say "www-data".
Change the default shell for your http-data user to bash or dash. It is currently using sh.
Check what your $PATH variable is inside the PHP environment.
I have been wracking my brain and my pc on this one, hoping someone can help me out here.
I have a PHP site that needs to execute a PowerShell script which in turn executes an executable.
The PHP that calls the .ps1 is:
define('updaterPath','C:\\artemis\\DbUpdateUtility1.0.12.2');
define('outputLocation',updaterPath.'\\Output');
$CMD = updaterPath . '\\ArtemisXmlUtil.exe';
$action = 'import';
$args= ' -f' . outputLocation;
$psScriptPath = '.\\get-process.ps1';
$query = shell_exec("powershell -command $psScriptPath -cmd '$CMD' -action '$action' -paras '$args' < NUL");
My .ps1 script is:
param(
[string]$CMD,
[string]$action,
[string]$paras
)
& $CMD $action $paras
Right now, when I echo the full command, it looks perfect and can be copied and pasted into powershell and runs successfully, but when I try to actually execute it from php, it runs with only the $CMD variable and ignores the $action and $paras.
I tried concatenating the variables all into 1 string, but that fails as not even being able to see the executable.
The full command should look like:
C:\artemis\DbUpdateUtility1.0.12.2\ArtemisXmlUtil.exe import -fC:\artemis\DbUpdateUtility1.0.12.2\Output
Ok, figured this one out on my own.
The problem is how the command was being executed. Using the "&" forced powershell to ignore the parameters being passed into the script. The correct way, since the command is an executable anyhow, was to build the entire command as a string and pass it all at once to the ps1 file and then change the ps1 file to use the invoke-expression commandlet.
param(
[string]$CMD
)
Invoke-expression $CMD
Why doesn't PHP exec() work on the first page load?
I'm executing a python script via PHP using the following line:
exec("python suggester.py " . $query_plus . " " . $location, $output);
Most of the time this works fine, but on the initial load of my page (suggester.promediacorp.com) the POST request sits in waiting/pending for almost a minute until it finally returns a response. If the page is refreshed, or another query runs after, it works perfectly.
I'm almost 100% sure the issue is related to exec(), because when I remove that code I get my response immediately. Additionally, the issue persists even if the python file has no contents.
You do not have arguments escaped properly. See http://php.net/manual/en/function.escapeshellarg.php
I figured it out. It was an issue with php's error logging that was echoed before my script finished running.
I am attempting to write a PHP script that will allow for me to select a few files to download from a predetermined location. I'd like my script to pass an array to a Powershell script that I'd written earlier and have my Powershell script handle the downloading (basically the php file just needs to tell the powershell file what needs to be downloaded).
I've looked at a few options, and it seems that exec is the command I should use for this (as I do not care about command line output I shouldn't need shell_exec).
So far I've turned OFF safe mode to allow me to use this command. I should also note that the php file will be run from a server, however the powershell files are located on a local machine.
A snippet of the code so far to handle the param passing looks like this:
if(isset($_POST['formSubmit']))
{
    $choosePlugin = $_POST['wpPlugin'];
    $chooseTheme = $_POST['wpTheme'];
    if(isset($_POST['wpTheme']))
    {
        echo("<p>You selected: $chooseTheme</p>\n");
        exec('powershell.exe C:\Wordpress Setup\setupThemes.ps1 $chooseTheme');
    }
    else
    {
        echo("<p>You did not select a theme</p>\n");
    }
}
I am a bit confused as to what I should put inside the exec. When I run the above code there are no errors however nothing happens. I am a bit new to this so I apologize if more information is required. Any help is appreciated thank you.
Try to do:
echo exec('powershell.exe C:\\Wordpress Setup\\setupThemes.ps1 $chooseTheme');
to see the results of powershell.exe (remember the double \), also make sure to put the absolute path to the exe file:
echo exec('c:\\PATH_TO_POWERSHELL.EXE\\powershell.exe C:\\Wordpress Setup\\setupThemes.ps1 $chooseTheme');
If you want to pass the contents of the variable you should use double quotes to actually expand it, I guess. Furthermore you should quote the script name because the path contains spaces:
exec("powershell.exe \"C:\Wordpress Setup\setupThemes.ps1\" $chooseTheme");