24 lines
567 B
Markdown
24 lines
567 B
Markdown
# PHP Command Injection
|
|
|
|
Injecting commands to execute code on the server side via php.
|
|
|
|
* [Hacktricks](https://book.hackstricks.xyz/pentesting-web/file-upload)
|
|
|
|
* Blind injection
|
|
* Verbose injection
|
|
|
|
## Blind Injection
|
|
* Check via ping, open a `tcpdump` on ICMP to listen for packets
|
|
* Redirect to logfile and read
|
|
* Use `sleep` or `timeout` to check if ci is possible in general
|
|
|
|
### Detect Blind Command Injection
|
|
Try to save output to URI resource like `output.php`
|
|
|
|
## Functions
|
|
* Watch out for
|
|
* `eval()`
|
|
* `exec()`
|
|
* `passthru()`
|
|
* `system()`
|