0

I am executing an AJAX request using jQuery as such:

$.get({
          url: 'run_program.php',
          data: 'action=run&number=' + $('#number').val(),
          success: function (j) {
            alert(j);
          }

runprogram.php is as such:

<?php
if(isset($_GET['action']) && !empty($_GET['action'])) {
    run($_GET['number']);
}

function run($number) {
    echo shell_exec('program.exe $number');
}
?>

The response I get from the server is always 0. I am running this locally by the way, so there are no security problems. The program is simply coded to square the number passed in as input. It works perfectly fine in cmd. When I echo $number, it correctly gives the value that I passed in using jQuery. What is the problem in my code?

Improve this question
4
  • 3
    ouch - runprogram.php?number=0;cat%20/etc/passwd Commented Jul 3, 2012 at 9:47
  • You're passing literally program.exe $number to the shell. You need to change the single quotes to double quotes: "program.exe $number" or move the variable outside the string: 'program.exe '.$number Commented Jul 3, 2012 at 9:47
  • @Alnitak, pretty much what I was about to say. Scary how many times we find this kind of code on Stack Overflow. Commented Jul 3, 2012 at 9:48
  • use double quotes with shell_exec() arguments, otherwise $number is not expanded by PHP Commented Jul 3, 2012 at 9:48

1 Answer 1

Reset to default
1

The problem would be your line

echo shell_exec('program.exe $number');

in that this will actually call program.exe with "$number" as text as a value. You need to use double quotes eg

echo shell_exec("program.exe $number");
Improve this answer
Sign up to request clarification or add additional context in comments.

12 Comments

I'm not upvoting an answer that doesn't fix the massive security problem at the same time...
@Alnitak why not? This answers the question perfectly. The comments above highlight the security issue.
@JonTaylor because it would be irresponsible, and also indicates that the poster is themselves unaware of the security problem.
I am aware of the security problem, I just wanted to know what was wrong and this answers it perfectly.
It is not irresponsible at all. While I agree that people need to learn of such security issues, This answer perfectly answers the question asked. The fact the guy has other security concerns is not the point.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.