How to concatenate 2 function in php

Question

I have an application with the following code:

<?php 

if(isset($_GET['function'])){ 
        $_GET['function'](); 
} 

?> 

So if i entered this url: http://localhost/?function=phpinfo

I will see the phpinfo function output on the screen.

can i have a way to concatenate 2 function in the url like this example:

http://localhost/?function=shell_exec('ls') AND phpinfo

So i want to see the first function output..

If you may asking why i need this, is because i am pen testing an web application with this situation..

By the way any suggestion to hack this situation will help.

Thanks for the help..

Answer 1

You cannot concatenate functions as it's not code injection per se, ie: you cannot affect the way the parser reads the code. Further more in the example you provided you have no control over any parameters passed to the function, so what you are proposing is not feasible.

You would have to find a way to pass control to a function which performs unsafe operations directly on user supplied input ($_GET, $_POST, etc) in order to leverage this weakness remote code execution. Depending on the complexity of the application you may be able to identify a function which calls system, eval, unserialize, or another dangerous function on user supplied data.