up vote 0 down vote favorite

I have a simple cmd.php page to run commands I enter using shell_exec () and show the output.

  • PHP is running as CGI
  • Entering "php -v" and most commands just show "Content-type: text/html" and then the current page's HTML source.

  • However, calling PHP with an invalid parameter (/usr/bin/php -z) shows PHPs usage:

    Usage: php [-q] [-h] [-s] [-v] [-i] [-f ] php [args...]

    etc...

I attached a couple of images to show what I mean.

PHP -v doesn't produce expected output

PHP -v doesn't produce expected output

PHP -z shows PHP's usage

PHP -z shows PHP's usage

Any ideas?

Edit

cmd.php

<?php

    if ( isset ( $_POST['submit'] ) ) :

        $response = shell_exec ( escapeshellcmd ( stripslashes ( $_POST['cmd'] ) ) );

    endif;

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
    <head>
        <style type="text/css">
            pre#response { border: 1px solid #e0e0e0; padding: .5em; }
        </style>
        <title>Command</title>
    </head>
    <body>
        <form action="cmd.php" method="post">
            <p><input type="text" name="cmd" id="cmd" value="<?php echo @htmlspecialchars ( stripslashes ( $_POST['cmd'] ) ); ?>" size="50" />
            <button type="submit" name="submit" id="submit" value="Submit">Submit</button>
            </p>
        </form>


        <?php
        if ( isset ( $response ) ) :
        ?>

            <pre id="response"><?php

                if ( empty ( $response ) ) :
                    echo 'No response.';
                else :
                    echo htmlspecialchars ( $response );
                endif;
            ?></pre>

        <?php
        endif;
        ?>

    </body>
</html>
link|flag
67% accept rate
What is the expected output? Can we have a peek at cmd.php? – Anax Jul 12 at 8:04
It should show the version number... I posted the source code. – guitar- Jul 12 at 8:08
Is your FCGI or CGI running in a chroot via a wrapper script? – Borealid Jul 12 at 8:22
Not sure what you mean... you're seeing all of the code I'm using above. – guitar- Jul 12 at 8:32

1 Answer

up vote 1 down vote

shell_exec() only returns the characters that have been written to the stdout of the executed process, but not stderr. Try redirecting stderr to stdout so that error messages will be stored in $response.

<?php
define('REDIRECT_STDERR', 1);

if ( isset ( $_POST['submit'] ) ) :      
  $cmd = escapeshellcmd ( stripslashes ($_POST['cmd']) );
  if ( defined('REDIRECT_STDERR') && REDIRECT_STDERR ) :
    $cmd .= ' 2>&1';
  endif;
  $response = shell_exec( $cmd );
endif;

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
  <head>
    <style type="text/css">
      pre#response { border: 1px solid #e0e0e0; padding: .5em; }
    </style>
    <title>Command</title>
  </head>
  <body>
    <form action="cmd.php" method="post">
      <p>
        <input type="text" name="cmd" id="cmd" value="<?php echo @htmlspecialchars ( stripslashes ( $_POST['cmd'] ) ); ?>" size="50" />
        <button type="submit" name="submit" id="submit" value="Submit">Submit</button>
      </p>
    </form>


    <?php if ( isset ( $cmd ) ) : ?>
    <fieldset><legend><?php echo htmlspecialchars($cmd); ?></legend>
      <pre id="response"><?php var_dump($repsonse); ?></pre>
    </fieldset>
    <?php endif; ?>
  </body>
</html>
link|flag

Your Answer

get an OpenID
or
never shown

Not the answer you're looking for? Browse other questions tagged or ask your own question.