I have an application with the following code:
<?php
if(isset($_GET['function'])){
$_GET['function']();
}
?>
So if i entered this url: http://localhost/?function=phpinfo
I will see the phpinfo function output on the screen.
can i have a way to concatenate 2 function in the url like this example:
http://localhost/?function=shell_exec('ls') AND phpinfo
So i want to see the first function output..
If you may asking why i need this, is because i am pen testing an web application with this situation..
By the way any suggestion to hack this situation will help.
Thanks for the help..
See Question&Answers more detail:os