MB95

Reputation: 121

Combine PHP exec, form and Linux

My brain has stopped working and I really want to combine this together:

I want to take input on the website, save it in a variable, and call it down to the Linux shell to make a command.

Here is what I have:

<form action="action.php" method="post">
 <p>Kommando: <input type="text" name="cmd" /></p>
 <p><input type="submit" /></p>
</form>



<?php
$output = shell_exec($command);
echo "<pre>$output</pre>";
?>

Upvotes: 0

Views: 53

Answers (1)

elixenide

Reputation: 44851

You need to use $_POST['cmd'], not $command. There is no variable named $command in your script.

PLEASE NOTE: This is horrifically insecure. You need to do a lot of validation on the command before passing it to the shell, or you risk all kinds of terrifyingly bad hacks.

Please read about command injection attacks and never pass anything you are not 100.000% sure is safe to the shell. That means you need to do both whitelisting and blacklisting, and you probably want a good WAF (web application firewall) backing you up. Ideally, you wouldn't use the user's input at all, except to pick one of several predefined commands.

Upvotes: 4
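Added example (not part of the answer above or the asker's code): one way to implement the answer's last suggestion, where the posted `cmd` value only selects one of several predefined commands. The command keys, binary paths and function names are assumptions chosen for illustration; it requires PHP 7.4 or later for the array form of `proc_open`.

```php
<?php
// action.php (illustrative sketch; keys, paths and helper names are assumptions)
declare(strict_types=1);

// Allowlist: the form value is only a lookup key. The command and its
// arguments are fixed here and never contain user-supplied text.
const ALLOWED_COMMANDS = [
    'uptime' => ['/usr/bin/uptime'],
    'disk'   => ['/bin/df', '-h'],
    'whoami' => ['/usr/bin/whoami'],
];

// Returns the predefined argv for a key, or null for anything else.
function resolve_command($key): ?array
{
    // Rejects non-strings (e.g. cmd[]=x) and any value that is not an exact key.
    if (!is_string($key) || !array_key_exists($key, ALLOWED_COMMANDS)) {
        return null;
    }
    return ALLOWED_COMMANDS[$key];
}

// Runs a fixed argv. Passing an array to proc_open (PHP >= 7.4) executes
// the program directly, so no shell parses the command line.
function run_command(array $argv): string
{
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return '';
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? '' : $out;
}

$argv = resolve_command($_POST['cmd'] ?? null);
if ($argv === null) {
    http_response_code(400);
    exit('Unknown command');
}

// Escape the output before embedding it in HTML.
echo '<pre>' . htmlspecialchars(run_command($argv), ENT_QUOTES, 'UTF-8') . '</pre>';
```

With this handler, a posted value such as `uptime; id` is not a key in the table and gets a 400 response; nothing from the request reaches the executed command line.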
