In the previous recipe, we have seen how PHP's
system() can be used to execute OS commands in the server; sometimes developers use instructions similar to that or with the same functionality to perform some tasks and sometimes they use invalidated user inputs as parameters for the execution of commands.
In this recipe, we will exploit a Command Injection vulnerability and extract important information from the server.
That output looks like it was taken directly from the ping command's output. This ...