Why can't I run shell_exec in LocalWP sites?

I’m trying to run shell_exec() in a LocalWP env. I can run pwd, but something as simple as ls returns NULL. I need to be able to shell_exec() because I’m building a security scanner that runs wpscan and returns the results.

Thanks!

Hi @tomstuurlui

What type of environment do you have set up? Are you using our preferred settings or do you have a custom build?

The preferred settings, just a simple single site, 3 plugins: ACF, YoastSEO, Gravity Forms.

Have you tried using the full path to ls or wpscan, @tomstuurlui? For example:

var_dump(shell_exec('/bin/ls'));

Gives me the output I expect:

string(330) "index.php license.txt local-phpinfo.php local-xdebuginfo.php readme.html test.php wp-activate.php wp-admin wp-blog-header.php wp-comments-post.php wp-config-sample.php wp-config.php wp-content wp-cron.php wp-includes wp-links-opml.php wp-load.php wp-login.php wp-mail.php wp-settings.php wp-signup.php wp-trackback.php xmlrpc.php "

Local doesn’t prevent use of shell_exec() directly. Look at http://[yoursite].local/local-phpinfo.php and note that disable_functions is empty. But it does use a different PATH than the one you’d have access to as a regular shell user.

If you ever need to see why a command in shell_exec is failing, you can redirect error output so it becomes visible:

<?php
var_dump(shell_exec('ls 2>&1'));

If I put that in test.php and visit http://[mysite].local/test.php, it gives me:

string(26) "sh: ls: command not found "

Confirming that PHP can’t find ls when running under nginx.

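An added example, not part of the original replies and not Local's own code: it combines the two suggestions above (use the full path, make error output visible) into one helper that resolves a bare command name against a fixed directory list and runs it without a shell. The directory list, function names and exit codes used for failures are assumptions; it needs PHP 7.4 or later for the array form of proc_open().

```php
<?php
// Assumed list of directories to search; adjust to where your tools are installed.
const CANDIDATE_DIRS = ['/bin', '/usr/bin', '/usr/local/bin', '/opt/homebrew/bin'];

// Turn a bare command name into an absolute path, independent of the PATH
// that the web server's PHP process happens to have.
function resolve_binary(string $name, array $dirs = CANDIDATE_DIRS): ?string
{
    // Accept a plain file name only, so a path or shell syntax is rejected.
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $name)) {
        return null;
    }
    foreach ($dirs as $dir) {
        $path = $dir . '/' . $name;
        if (is_file($path) && is_executable($path)) {
            return $path;
        }
    }
    return null;
}

// Run the command and return its exit code plus combined stdout/stderr.
function run_command(string $name, array $args = []): array
{
    $bin = resolve_binary($name);
    if ($bin === null) {
        return ['exit' => 127, 'output' => "$name: not found in candidate dirs"];
    }
    // Array command: executed directly, no shell, so arguments are not re-parsed.
    $cmd = array_merge([$bin], array_map('strval', $args));
    // Send stderr to stdout, the equivalent of the 2>&1 redirect shown above.
    $spec = [1 => ['pipe', 'w'], 2 => ['redirect', 1]];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        return ['exit' => 126, 'output' => "could not start $bin"];
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['exit' => proc_close($proc), 'output' => $output];
}

// PATH as PHP sees it under the web server, to compare with your login shell.
var_dump(getenv('PATH'));
var_dump(run_command('ls', ['-1', __DIR__]));
```

Because a failed lookup comes back as exit code 127 with a message instead of NULL, a missing binary is distinguishable from a command that ran and printed nothing.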
