PHP: escapeshellcmd vs escapeshellarg

Executing system commands on the programming language level sounds like asking for trouble. But how to do it right and safe?
Subscribe: https://www.youtube.com/c/KacperSzurekEN?sub_confirmation=1

In PHP, if we want to use the system command that allows you to execute any program from the operating system we should use one of two commands: escapeshellcmd or escapeshellarg.
But how do these two functions differ from each other?
And what is the difference in their usage?
Can you use them interchangeably?

Let's start with the first function - escapeshellarg.
Its use assures that the user has given exactly one parameter to the command chosen by us.
User can not provide more parameters or execute another command.
The standard usage looks like this: the programmer selects the command which execution wants to allow, for example, dir - so that the user can list any directory.
The parameter provided by the user is passed to the escapeshellarg function.

The second function - escapeshellcmd.
Ensures that only one command will be executed. It is not possible to inject additional commands using a trick with a semicolon or pipe.
But - this command can contain an infinite number of parameters.
So if we decide to use it, we must make sure that any parameter can not be used incorrectly.

My article: https://security.szurek.pl/exploit-bypass-php-escapeshellarg-escapeshellcmd.html
Twitter: https://twitter.com/kacperszurek
Website: https://security.szurek.pl/
Github: https://github.com/kacperszurek/

#from0topentestinghero #security #php