Hackzzz - The Notebook

⚡Welcome!
Everything About and Notes
Gadgets
🚩Resources

Powered by GitBook

On this page

Code Execution

PreviousFile Upload NextLocal File Inclusion

Last updated 1 year ago

This type of vulnerability lets us do:

Allows an attacker to execute OS commands on the server.
Can be used to get a reverse shell or, upload any file using wget command.

Example Using DVWA:

Here we have an input on the web application that pings the IP we provided to it.

Supposing that behind is something like "ping $IPvariable" as a command.
We can try to exploit using a colon ( ; ) or a pipe ( | ) followed by the command we want to execute.
So, the code behind will look something like this: ("ping <IP> ; whoami") or ("ping <IP> | whoami").

Here I wanted to gain access to the server so supposing it haves netcat, I try to get a shell with.
Successfully gain access to the server.

More explanation examples and details in the following below.

🧑‍💻OS Command Injection