2021-09-08 02:09:14 +02:00
|
|
|
# PHP Command Injection
|
|
|
|
|
Injecting commands to execute code on the server side via php.
|
|
|
|
|
|
2021-09-14 00:35:24 +02:00
|
|
|
* [Hacktricks](https://book.hackstricks.xyz/pentesting-web/file-upload)
|
|
|
|
|
|
2021-09-08 02:09:14 +02:00
|
|
|
## Blind Command Injection
|
|
|
|
|
Attacker does not register a direct response.
|
|
|
|
|
|
|
|
|
|
### Detect Blind Command Injection
|
|
|
|
|
Try to save output to URI resource like `output.php`
|
|
|
|
|
|
|
|
|
|
## Active Command Injection
|
