执行HTML编码的PHP代码
[英]Executing HTML encoded PHP code
问题描述
Hello stackoverflow community, 
您好stackoverflow社区,
I am trying to send a request from Burp Suite: 我正在尝试从Burp Suite发送请求:
{"html":"<?php
$to = "example@example.com";
$subject = "Subject";
$txt = "PHP is installed";
$result = mail($to,$subject,$txt);
?>","author":"","location":""}
I need to modify the "html" tag to contain some PHP, but the PHP is not read (neither are any of the other tags) because of the double quotes in the code (I think) so I tried HTML encoding it but then it wouldn't execute, it just showed up as plain text of the code. 我需要修改“ html”标签以包含一些PHP,但是由于代码中的双引号(我认为),因此未读取PHP(其他标签也不是),因此我尝试对其进行HTML编码不会执行,它只是显示为代码的纯文本。
I have been trying all day to figure this out and couldn't find anything. 我整天都在努力找出答案,却找不到任何东西。
So in conclusion: is there any alternative to quotes I can use? 总结一下:我可以使用引号之外的其他选择吗? (I tried HEREDOC) or is there a way to execute HTML encoded PHP without quotes? (我尝试过HEREDOC)还是有没有办法执行HTML编码的PHP而没有引号?
2 个解决方案
解决方案1
0 2015-04-28 01:17:37
The double quotes aren't the problem. 双引号不是问题。 It's likely that the file extension isn't a type that gets sent to the PHP interpretter. 文件扩展名可能不是发送到PHP解释器的类型。
If you're using Apache, you can solve this with a .htaccess directive. 如果您使用的是Apache,则可以使用.htaccess指令解决此问题。
Suppose the file you just posted has a .json extension. 假设您刚发布的文件扩展名为.json。 Then the .htaccess directive would look something like. 然后,.htaccess指令将类似于。
Options +ExecCGI
AddType application/x-httpd-php .php .json
AddHandler x-httpd-php5 .php .json
However you're not echoing anything. 但是,您没有回声。 So it's entirely possible that this is NOT the problem, and instead it's simply that your webserver doesn't have email configured, so it can't send the email. 因此,这完全有可能不是问题所在,而是您的Web服务器没有配置电子邮件,因此它无法发送电子邮件。 (Although in that case it should echo an error in most configurations.) (尽管在这种情况下,它在大多数配置中应该会产生错误。)
You can test just to see if it's working by using something like: 您可以使用以下方法测试它是否正常工作:
<?php echo "This is working now."; ?>
解决方案2
0 已采纳 2015-04-28 02:37:22
You could make this work, but I wouldn't recommend doing it that way. 您可以进行这项工作,但我不建议您这样做。
If you remove the PHP tags and pass through the code you want to run as a string you're going to end up having to run it through eval(), which is dangerous because it means anyone with access to the first script can potentially execute whatever code they like on your server. 如果删除PHP标记并传递要作为字符串运行的代码,最终将不得不通过eval()运行它,这很危险,因为这意味着有权访问第一个脚本的任何人都可以执行他们喜欢服务器上的任何代码。 Any PHP script with an 'eval()' in it needs to be pretty locked down. 任何带有'eval()'的PHP脚本都必须锁定。
Reference: 参考:
http://php.net/manual/en/function.eval.php http://php.net/manual/zh/function.eval.php
You're better off just passing the URL of the script you want it to execute, or something along those lines :) 最好只传递要执行的脚本的URL,或者沿这些行传递:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.