PHP SSH2 exec“$&引用;
我想知道如何在PHP中从GET运行命令。。。 这是我的密码:PHP SSH2 exec“$&引用;,php,ssh,exec,Php,Ssh,Exec,我想知道如何在PHP中从GET运行命令。。。 这是我的密码: <?php $msg = $_GET['msg']; echo "$msg test"; if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist"); if(!($con = ssh2_connect("ip", 22))){ echo "fail: unable to establish connection\n";
<?php
$msg = $_GET['msg'];
echo "$msg test";
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
if(!($con = ssh2_connect("ip", 22))){
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password secretpassword
if(!ssh2_auth_password($con, "root", "password")) {
echo "fail: unable to authenticate\n";
} else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, 'wall echo $msg'))) {
echo "fail: unable to execute command\n";
} else {
// collect returning data from command
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
fclose($stream);
}
}
}
?>
将GET变量传递给ssh2\u exec()
可能是一个巨大的安全问题。但是忽略这一点,单引号会忽略变量——这需要双引号
换句话说:改变这个
if (!($stream = ssh2_exec($con, 'wall echo $msg'))) {
对此
if (!($stream = ssh2_exec($con, "wall echo $msg"))) {
但是,我怀疑您试图将echo
用作PHP构造,而您真正感兴趣的只是$msg
变量。在这种情况下,你可以这样做
if (!($stream = ssh2_exec($con, "wall $msg"))) {
或
@McFilip用于安全使用“墙”。escapeshellarg($msg)
if (!($stream = ssh2_exec($con, 'wall ' . $msg))) {