萌新 (Beginner) web13

 

We can even execute the passthru() function without using ';'.

If we exclude the PHP functions that are known to execute Linux commands, how can we still do this?

Actually, backticks (``) also run the command placed inside them. For instance, `ls` executes the 'ls' command.

In general, we use the code below:

<?=``?>

Here, <?= ?> is equivalent to <?php echo ?>.

Finally, we must close the <?php tag, which sits on the first line of the PHP code above and marks that code as PHP.

Therefore, we gradually construct the payload: ?c=?><?=`ls`?>

 

Just as we expected, it works.

You should now know how to construct the next payload.
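From the defender's side, the point above is that a rule keyed on function names never sees this payload, because it contains only PHP tags and backticks. The following is an added example, not part of the original post: a log check that decodes query parameters and flags that syntax. The log lines, the function-name list and all rule names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (not from the original page).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Aug/2021:21:00:01 +0800] "GET /index.php?c=hello HTTP/1.1" 200 512',
    '203.0.113.5 - - [20/Aug/2021:21:00:09 +0800] "GET /index.php?c=%3F%3E%3C%3F%3D%60ls%60%3F%3E HTTP/1.1" 200 840',
    '203.0.113.5 - - [20/Aug/2021:21:00:15 +0800] "GET /index.php?c=%253F%253E%253C%253F%253D%2560ls%2560%253F%253E HTTP/1.1" 200 840',
    '203.0.113.5 - - [20/Aug/2021:21:00:20 +0800] "GET /index.php?c=passthru(%22ls%22) HTTP/1.1" 200 840',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumed name-based rule, the kind of filter the write-up works around.
NAME_RULE = re.compile(r'\b(passthru|system|exec|shell_exec)\s*\(', re.I)

# Syntax-based rules: PHP tags and the backtick operator inside a parameter value.
SYNTAX_RULES = {
    "php_close_tag": re.compile(r'\?>'),
    "php_open_tag": re.compile(r'<\?(php|=)?', re.I),
    "backtick_exec": re.compile(r'`[^`]*`'),
}

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (parameter, rule) pairs for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    hits = []
    for name, raw in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        value = fully_decode(raw)
        hits += [(name, rule) for rule, rx in SYNTAX_RULES.items() if rx.search(value)]
        if NAME_RULE.search(value):
            hits.append((name, "function_name"))
    return hits

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, 1):
        print(number, scan_line(line))
```

Only the last sample line triggers the function-name rule; the two lines carrying the tag-and-backtick payload are caught by the syntax rules alone, including the double-encoded one.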

 

posted @ 2021-08-20 21:02  _4_FUN