killchain-compendium/Exploits/Web/Command Injection.md

# PHP Command Injection

Injecting commands to execute code on the server side via php.

* [Hacktricks](https://book.hackstricks.xyz/pentesting-web/file-upload)

* Blind injection
* Verbose injection

## Blind Injection
* Check via ping, open a `tcpdump` on ICMP to listen for packets
* Redirect to logfile and read
* Use `sleep` or `timeout` to check if ci is possible in general

### Detect Blind Command Injection
Try to save output to URI resource like `output.php`

## Functions
* Watch out for 
    * `eval()`
    * `exec()`
    * `passthru()`
    * `system()`
cleanup done 2022-11-13 22:52:30 +01:00			`# PHP Command Injection`

			`Injecting commands to execute code on the server side via php.`

			`* [Hacktricks](https://book.hackstricks.xyz/pentesting-web/file-upload)`
restructured Exploits 2022-11-13 22:38:01 +01:00
			`* Blind injection`
			`* Verbose injection`

			`## Blind Injection`
			* Check via ping, open a `tcpdump` on ICMP to listen for packets
			`* Redirect to logfile and read`
			* Use `sleep` or `timeout` to check if ci is possible in general

cleanup done 2022-11-13 22:52:30 +01:00			`### Detect Blind Command Injection`
			Try to save output to URI resource like `output.php`

restructured Exploits 2022-11-13 22:38:01 +01:00			`## Functions`
			`* Watch out for`
			* `eval()`
			* `exec()`
			* `passthru()`
			* `system()`