July 2018
Beginner
564 pages
12h 22m
English
Content preview from Learn Ethical Hacking from Scratch
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Code execution vulnerabilities
This type of vulnerability allow us to execute the operating system (OS) code on the target server. If the target server uses Windows, we will be able to execute Windows commands. If it uses Linux, then we will be able to use Linux commands.
This is a critical vulnerability that would allow the attacker to do anything they want with the target's server. We can upload a PHP shell using the wget command, or upload a payload, a virus, using the wget Linux command. We just need to make sure that we're uploading it to a file or to a directory that we're allowed to write to.
Another way of exploiting this vulnerability is to just run OS commands and get a reverse shell based on these commands. We can run OS commands ...