{"id":54,"date":"2026-05-28T18:47:06","date_gmt":"2026-05-28T10:47:06","guid":{"rendered":"https:\/\/pumpk1n.icu\/?p=54"},"modified":"2026-05-29T16:34:31","modified_gmt":"2026-05-29T08:34:31","slug":"rce","status":"publish","type":"post","link":"https:\/\/pumpk1n.icu\/index.php\/2026\/05\/28\/rce\/","title":{"rendered":"RCE"},"content":{"rendered":"<p>\u5728 Web \u5e94\u7528\u4e2d\u6709\u65f6\u5019\u7a0b\u5e8f\u5458\u4e3a\u4e86\u8003\u8651\u7075\u6d3b\u6027\u3001\u7b80\u6d01\u6027\uff0c\u4f1a\u5728\u4ee3\u7801\u8c03\u7528 \u4ee3\u7801\u6216\u547d\u4ee4\u6267\u884c\u51fd\u6570\u53bb\u5904\u7406\u3002\u6bd4\u5982\u5f53\u5e94\u7528\u5728\u8c03\u7528\u4e00\u4e9b\u80fd\u5c06\u5b57\u7b26\u4e32\u8f6c\u5316\u6210\u4ee3 \u7801\u7684\u51fd\u6570\u65f6\uff0c\u6ca1\u6709\u8003\u8651\u7528\u6237\u662f\u5426\u80fd\u63a7\u5236\u8fd9\u4e2a\u5b57\u7b26\u4e32\uff0c\u5c06\u9020\u6210\u4ee3\u7801\u6267\u884c\u6f0f \u6d1e\u3002\u540c\u6837\u8c03\u7528\u7cfb\u7edf\u547d\u4ee4\u5904\u7406\uff0c\u5c06\u9020\u6210\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u3002<\/p>\n<h1>\u5404\u79cd\u7ed5\u8fc7<\/h1>\n<h2>\u5e38\u89c1\u7ba1\u9053\u7b26<\/h2>\n<p>windows<\/p>\n<ul>\n<li>\u201c|\u201d\uff1a\u76f4\u63a5\u6267\u884c\u540e\u9762\u7684\u8bed\u53e5\u3002<\/li>\n<li>\u201c||\u201d\uff1a\u5982\u679c\u524d\u9762\u7684\u8bed\u53e5\u6267\u884c\u5931\u8d25\uff0c\u5219\u6267\u884c\u540e\u9762\u7684\u8bed\u53e5\uff0c\u524d\u9762\u7684\u8bed\u53e5\u53ea\u80fd\u4e3a\u5047\u624d\u884c\u3002<\/li>\n<li>\u201c&amp;\u201d\uff1a\u4e24\u6761\u547d\u4ee4\u90fd\u6267\u884c\uff0c\u5982\u679c\u524d\u9762\u7684\u8bed\u53e5\u4e3a\u5047\u5219\u76f4\u63a5\u6267\u884c\u540e\u9762\u7684\u8bed\u53e5\uff0c\u524d\u9762\u7684\u8bed\u53e5\u53ef\u771f\u53ef\u5047\u3002<\/li>\n<li>\u201c&amp;&amp;\u201d\uff1a\u5982\u679c\u524d\u9762\u7684\u8bed\u53e5\u4e3a\u5047\u5219\u76f4\u63a5\u51fa\u9519\uff0c\u4e5f\u4e0d\u6267\u884c\u540e\u9762\u7684\u8bed\u53e5\uff0c\u524d\u9762\u7684\u8bed\u53e5\u4e3a\u771f\u5219\u4e24\u6761\u547d\u4ee4\u90fd\u
6267\u884c\uff0c\u524d\u9762\u7684\u8bed\u53e5\u53ea\u80fd\u4e3a\u771f\u3002<\/li>\n<\/ul>\n<p>linux<\/p>\n<ul>\n<li>\u201c;\u201d\uff1a\u6267\u884c\u5b8c\u524d\u9762\u7684\u8bed\u53e5\u518d\u6267\u884c\u540e\u9762\u7684\u8bed\u53e5\u3002<\/li>\n<li>\u201c|\u201d\uff1a\u5c06\u524d\u9762\u8bed\u53e5\u7684\u8f93\u51fa\u4f5c\u4e3a\u540e\u9762\u8bed\u53e5\u7684\u8f93\u5165\uff0c\u53ea\u663e\u793a\u540e\u9762\u8bed\u53e5\u7684\u6267\u884c\u7ed3\u679c\u3002<\/li>\n<li>\u201c||\u201d\uff1a\u5f53\u524d\u9762\u7684\u8bed\u53e5\u6267\u884c\u51fa\u9519\u65f6\uff0c\u6267\u884c\u540e\u9762\u7684\u8bed\u53e5\u3002<\/li>\n<li>\u201c&amp;\u201d\uff1a\u4e24\u6761\u547d\u4ee4\u90fd\u6267\u884c\uff0c\u5982\u679c\u524d\u9762\u7684\u8bed\u53e5\u4e3a\u5047\u5219\u6267\u884c\u540e\u9762\u7684\u8bed\u53e5\uff0c\u524d\u9762\u7684\u8bed\u53e5\u53ef\u771f\u53ef\u5047\u3002<\/li>\n<li>\u201c&amp;&amp;\u201d\uff1a\u5982\u679c\u524d\u9762\u7684\u8bed\u53e5\u4e3a\u5047\u5219\u76f4\u63a5\u51fa\u9519\uff0c\u4e5f\u4e0d\u6267\u884c\u540e\u9762\u7684\u8bed\u53e5\uff0c\u524d\u9762\u7684\u8bed\u53e5\u4e3a\u771f\u5219\u4e24\u6761\u547d\u4ee4\u90fd\u6267\u884c\uff0c\u524d\u9762\u7684\u8bed\u53e5\u53ea\u80fd\u4e3a\u771f\u3002<\/li>\n<\/ul>\n<h2>\u7a7a\u683c\u8fc7\u6ee4<\/h2>\n<h3>$<\/h3>\n<p>\u4f8b\u5982<\/p>\n<pre><code>cat flag.txt\ncat${IFS}flag.txt <\/code><\/pre>\n<h3>\u91cd\u5b9a\u5411\u7b26<\/h3>\n<p>\u4f8b\u5982<\/p>\n<pre><code>cat&lt;&gt;flag.txt\ncat&lt;flag.txt<\/code><\/pre>\n<h2>\u9ed1\u540d\u5355\u7ed5\u8fc7<\/h2>\n<h3>\u62fc\u63a5<\/h3>\n<p>\u4f8b\u5982<\/p>\n<pre><code>a=c;b=at;c=fla;d=g.txt;$a$b $c$d<\/code><\/pre>\n<h2>base64\u7f16\u7801<\/h2>\n<p>\u4f8b\u5982<\/p>\n<pre><code>`echo &quot;Y2F0IGZsYWcudHh0Cg==&quot;|base64 
-d`<\/code><\/pre>\n<h2>\u5185\u655b\u6267\u884c\u7ed5\u8fc7<\/h2>\n<pre><code>`\u547d\u4ee4`\u548c$(\u547d\u4ee4)\u90fd\u662f\u6267\u884c\u547d\u4ee4\u7684\u65b9\u5f0f\n\n\u53cd\u5f15\u53f7``\u662f\u547d\u4ee4\u66ff\u6362\uff0c\u547d\u4ee4\u66ff\u6362\u662f\u6307Shell\u53ef\u4ee5\u5148\u6267\u884c``\u4e2d\u7684\u547d\u4ee4\uff0c\u5c06\u8f93\u51fa\u7ed3\u679c\u6682\u65f6\u4fdd\u5b58\uff0c\u5728\u9002\u5f53\u7684\u5730\u65b9\u8f93\u51fa\u3002\u8bed\u6cd5:`command`<\/code><\/pre>\n<h1>\u5e38\u89c1\u51fd\u6570<\/h1>\n<h2>\u4ee3\u7801\u6267\u884c\u51fd\u6570<\/h2>\n<ul>\n<li>eval()\uff1a\u628a\u5b57\u7b26\u4e32\u4f5c\u4e3aPHP\u4ee3\u7801\u6267\u884c<\/li>\n<li>assert()\uff1a\u65ad\u8a00\uff1bPHP 7 \u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b57\u7b26\u4e32\u53c2\u6570\u4f1a\u88ab\u5f53\u4f5c PHP \u4ee3\u7801\u6267\u884c\uff0cPHP 8 \u8d77\u4e0d\u518d\u6267\u884c\u5b57\u7b26\u4e32\u53c2\u6570<\/li>\n<li>call_user_func()\uff1a\u628a\u7b2c\u4e00\u4e2a\u53c2\u6570\u4f5c\u4e3a\u56de\u8c03\u51fd\u6570<\/li>\n<li>call_user_func_array()\uff1a\u8c03\u7528\u56de\u8c03\u51fd\u6570\uff0c\u5e76\u628a\u7b2c\u4e8c\u4e2a\u53c2\u6570\uff08\u6570\u7ec4\uff09\u7684\u5404\u5143\u7d20\u4f5c\u4e3a\u56de\u8c03\u51fd\u6570\u7684\u53c2\u6570<\/li>\n<li>array_map()\uff1a\u4e3a\u6570\u7ec4\u7684\u6bcf\u4e2a\u5143\u7d20\u5e94\u7528\u56de\u8c03\u51fd\u6570<\/li>\n<\/ul>\n<h2>\u547d\u4ee4\u6267\u884c\u51fd\u6570<\/h2>\n<ul>\n<li>system()\uff1a\u6267\u884c\u5916\u90e8\u7a0b\u5e8f\u5e76\u663e\u793a\u8f93\u51fa<\/li>\n<li>exec()\uff1a\u6267\u884c\u4e00\u4e2a\u5916\u90e8\u7a0b\u5e8f<\/li>\n<li>shell_exec()\uff1a\u901a\u8fc7shell\u73af\u5883\u6267\u884c\u547d\u4ee4\uff0c\u5e76\u5c06\u5b8c\u6574\u7684\u8f93\u51fa\u4ee5\u5b57\u7b26\u4e32\u7684\u65b9\u5f0f\u8fd4\u56de<\/li>\n<li>passthru()\uff1a\u6267\u884c\u5916\u90e8\u547d\u4ee4\u5e76\u663e\u793a\u539f\u59cb\u8f93\u51fa<\/li>\n<li>pcntl_exec()\uff1a\u5728\u5f53\u524d\u8fdb\u7a0b\u7a7a\u95f4\u6267\u884c\u6307\u5b9a\u7a0b\u5e8f<\/li>\n<li><code>``<\/code> \u53cd\u5f15\u53f7()\uff1a\u5b9e\u9645\u8c03\u7528\u7684shell_exec()\u51fd\u6570<\/li>\n<\/ul>\n<p>\u4ee5\u4e0a\u51fd\u6570\u82e5\u76f4\u63a5\u62fc\u63a5\u7528\u6237\u53ef\u63a7\u8f93\u5165\uff0c\u5373\u6784\u6210\u4ee3\u7801\u6216\u547d\u4ee4\u6267\u884c\u70b9\uff1b\u547d\u4ee4\u6267\u884c\u51fd\u6570\u7684\u53c2\u6570\u5e94\u7ecf escapeshellarg() \u5904\u7406\u5e76\u6309\u767d\u540d\u5355\u6821\u9a8c\uff0c\u4e0d\u8981\u76f4\u63a5\u62fc\u63a5\u3002<\/p>","protected":false},"excerpt":{"rendered":"<p>\u5728 Web \u5e94\u7528\u4e2d\u6709\u65f6\u5019\u7a0b\u5e8f\u5458\u4e3a\u4e86\u8003\u8651\u7075\u6d3b\u6027\u3001\u7b80\u6d01\u6027\uff0c\u4f1a\u5728\u4ee3\u7801\u8c03\u7528 \u4ee3\u7801\u6216\u547d\u4ee4\u6267\u884c\u51fd\u6570\u53bb\u5904\u7406\u3002\u6bd4\u5982\u5f53\u5e94\u7528\u5728\u8c03\u7528\u4e00\u4e9b\u80fd\u5c06\u5b57\u7b26\u4e32\u8f6c\u5316\u6210 &#8230;<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"emotion":"","emotion_color":"","title_style":"","license":"","footnotes":""},"categories":[6,12],"tags":[],"class_list":["post-54","post","type-post","status-publish","format-standard","hentry","category-owasp","category-rce"],"_links":{"self":[{"href":"https:\/\/pumpk1n.icu\/index.php\/wp-json\/wp\/v2\/posts\/54","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pumpk1n.icu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pumpk1n.icu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pumpk1n.icu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pumpk1n.icu\/index.php\/wp-json\/wp\/v2\/comments?post=54"}],"version-history":[{"count":2,"href":"https:\/\/pumpk1n.icu\/index.php\/wp-json\/wp\/v2\/posts\/54\/revisions"}],"predecessor-version":[{"id":56,"href":"https:\/\/pumpk1n.icu\/index.php\/wp-json\/wp\/v2\/posts\/54\/revisions\/56"}],"wp:attachment":[{"href":"https:\/\/pumpk1n.icu\/index.php\/wp-json\/wp\/v2\/media?parent=54"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pumpk1n.icu\/index.php\/wp-json\/wp\/v2\/categories?post=54"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pumpk1n.icu\/index.php\/wp-json\/wp\/v2\/tags?post=54"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}