Command Injection
Command injection is an attack against a vulnerable web application that allows you to run different commands on the host operating system. In this lab, you will learn how a command injection vulnerability can be exploited in a PHP script.
Outcomes
In this lab, you will learn to:
- Run PHP scripts at the command line.
- Attack a system using a command injection vulnerability in PHP scripts.
Videos
Before you start this lab, review these videos.
Overview
In this lab we are going to add some PHP code that will make the site susceptible to command injection. Your pentesting assignment will consist of you exploiting the vulnerability. There will be no demonstration of the attack.
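The kind of PHP code that makes a script susceptible to command injection, shown beside a hardened form. This is an added example, not the lab's own code. The ping feature and the function names are hypothetical, and the script only prints the command strings it builds without executing them.

```php
<?php
// Added example: a hypothetical "ping a host" feature, the kind of code that
// becomes injectable when user input reaches a shell unchanged.

// Vulnerable pattern: the input is concatenated straight into a shell command line,
// so shell metacharacters in $host are interpreted by the shell.
function build_command_unsafe(string $host): string
{
    return "ping -c 1 " . $host;
}

// Hardened pattern: allow-list validation first, then quote the argument.
function build_command_safe(string $host): ?string
{
    // Accept only a valid IP address or a valid hostname; reject everything else.
    $isIp   = filter_var($host, FILTER_VALIDATE_IP) !== false;
    $isName = filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    if (!$isIp && !$isName) {
        return null;
    }
    // escapeshellarg() quotes the value so the shell treats it as a single argument.
    return "ping -c 1 " . escapeshellarg($host);
}

// Constructed sample inputs. Nothing is executed; the strings are only printed
// so the difference between the two patterns is visible.
$samples = ["127.0.0.1", "example.com", "127.0.0.1; echo INJECTED"];
foreach ($samples as $input) {
    $safe = build_command_safe($input);
    printf("input:  %s\n", $input);
    printf("unsafe: %s\n", build_command_unsafe($input));
    printf("safe:   %s\n\n", $safe ?? "(rejected by validation)");
}
```

Save it under any file name and run it at the command line with `php`; the third input appears as a second shell command in the unsafe string and is rejected by the hardened function.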

Command Injection
Key terms and descriptions
Command injection attack
A command injection attack is an attack against a vulnerable web application that allows you to run different commands on the host operating system.
Netcat
Netcat, or nc, is a Swiss Army knife security tool for system administrators. It can serve as a port scanning tool, a file copying tool, a chat server, a way to create back doors, a network monitoring tool, and other security utilities.