Arrexel / phpbash

A semi-interactive PHP shell compressed into a single file.
Apache License 2.0

Catting a file containing php-code leads to php-code execution #7

Closed oschoudhury closed 6 years ago

oschoudhury commented 6 years ago

cat filename.php will lead to php-code execution, instead of being able to examine the php-code. This leads to all kinds of weird stuff, like forms and boxes appearing in the terminal output, and clicking them can lead to link execution.

Arrexel commented 6 years ago

All output should now be properly escaped. Nice catch!
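
The failure mode reported in this issue, shown as an added example that is not phpbash's code or its actual fix: command output placed into the page unescaped is parsed as HTML, while entity-encoded output is displayed as text. The sample file content and every function name below are constructed for illustration.

```javascript
// Constructed sample: what `cat` could return for a small PHP page.
const SAMPLE_CAT_OUTPUT = [
  '<?php echo "hello"; ?>',
  '<form action="/search"><input name="q"><button>Go</button></form>',
  '<a href="https://example.invalid/">link</a>',
].join("\n");

// Characters that let text break out into markup or an attribute value.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode command output so the browser shows it as literal text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before": output is concatenated into the page as-is, so the HTML parser
// builds form controls and links from it. The <?php ... ?> part is treated
// as a comment by the parser, which is why the source seems to disappear.
function renderRaw(output) {
  return "<pre>" + output + "</pre>";
}

// "After": output is encoded first and survives only as text.
function renderEscaped(output) {
  return "<pre>" + escapeHtml(output) + "</pre>";
}

// Rough stand-in for the HTML parser (assumption: a regex is enough for
// this demo). Lists the tag-like tokens inside the <pre> wrapper.
function markupTokens(fragment) {
  const inner = fragment.replace(/^<pre>/, "").replace(/<\/pre>$/, "");
  return inner.match(/<[A-Za-z\/?!][^>]*>/g) || [];
}

// Reverse of escapeHtml, used to show that encoding loses no file content.
function unescapeHtml(text) {
  return text.replace(/&lt;/g, "<").replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'").replace(/&amp;/g, "&");
}

console.log("raw tokens:", markupTokens(renderRaw(SAMPLE_CAT_OUTPUT)).length);
console.log("escaped tokens:", markupTokens(renderEscaped(SAMPLE_CAT_OUTPUT)).length);
console.log(renderEscaped(SAMPLE_CAT_OUTPUT));
```

On the PHP side the equivalent encoding step is `htmlspecialchars()`, applied to the output before it is sent to the browser.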