<?php if(isset($_REQUEST[ 'ip' ])) { $target = trim($_REQUEST[ 'ip' ]); $substitutions = array( '&' => '', ';' => '', '|' => '', '-' => '', '$' => '', '(' => '', ')' => '', '`' => '', '||' => '', ); $target = str_replace( array_keys( $substitutions ), $substitutions, $target ); $cmd = shell_exec( 'ping -c 4 ' . $target ); echo $target; echo "<pre>{$cmd}</pre>"; }
使用%0a可以绕过,相当于换行符