我想在我的webapp(渗透测试)中创建一个表单,要求输入目标和一些选项,然后获取这些参数并执行在同一目录中运行Ruby文件的系统命令。 以以下格式' ruby file.rb -u $target $option' ,并输出结果,谢谢这是我创造和工作
的形式<html>
<body>
<form action="test.php" method="post">
Target: <input type="text" name="target"><br>
<input type="submit">
<select name="taskOption">
<option>First</option>
<option>Second</option>
<option>Third</option>
</select>
</form>
这就是考验.php
<?php
echo '<pre>';
$last_line = system('ruby file.rb -u $target $option', $retval);
// Printing additional info
echo "$retval"
?>
你可以使用这个:
信息.php
<html>
<body>
<form action="test.php" method="post">
Target: <input type="text" name="target"><br>
<input type="submit">
<select name="option">
<option>First</option>
<option>Second</option>
<option>Third</option>
</select>
</form>
测试.php
<?php
$retval= "test";
foreach ($_POST as $k => $v) {
$$k = $v;
}
$last_line = system('ruby file.rb -u $target $option', $retval);
// Printing additional info
echo $retval."<br>";//will echo test
echo "Target: ".$target ." option: ". $option;
?>
我相信这会有所帮助
旧答案我相信您必须将帖子数据分配给变量您还必须将"任务选项"重命名为"选项"
foreach ($_POST as $k => $v) {
// edit: dont use that part, since you don't have a mysql connection$r = mysql_real_escape_string($v);
$$k = $v; //$r;
}