August 2018
Intermediate to advanced
404 pages
10h 22m
English
We have seen before how PHP's system() can be used to execute operating system commands in the server; sometimes, developers use instructions such as that, or others with the same functionality, to perform certain tasks. Sometimes, they use unvalidated user input as parameters for the execution of commands.
In this recipe, we will exploit a command injection vulnerability and extract important information from the server.
Read now
Unlock full access