Exploiting OS Command Injections
In the previous recipe, we saw how PHP's system() can be used to execute OS commands on the server. Developers sometimes use this function, or others with the same functionality, to perform certain tasks, and sometimes they pass unvalidated user input as parameters to the commands being executed.
In this recipe, we will exploit a Command Injection vulnerability and extract important information from the server.
How to do it...
Log into the Damn Vulnerable Web Application (DVWA) and go to Command Execution.
We will see a Ping for FREE form; let's try it. Ping 192.168.56.1 (our Kali Linux machine's IP in the host-only network):
That output looks like it was taken directly from the ping command's output. This suggests that the server is using an OS command to execute the ping, so it may be possible to inject OS commands.
Let's try to inject a very simple command. Submit the following:
192.168.56.1;uname -a
We can see the uname command's output just after...
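The server-side pattern that this behaviour suggests, next to a hardened version, is sketched below as an added example (it is not DVWA's source or code from this recipe). The function names and the ping options are assumptions.

```php
<?php
// Added example: function names and ping options are assumptions, not DVWA's code.

// Vulnerable pattern: user input is concatenated straight into a shell command line.
function build_ping_command_vulnerable(string $target): string
{
    return 'ping -c 3 ' . $target;   // the shell interprets ';', '|', '&&', '$()' in $target
}

// Hardened: accept only a literal IPv4 address, and still quote it for the shell.
function build_ping_command_safe(string $target): ?string
{
    $target = trim($target);
    if (filter_var($target, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;                 // reject anything that is not an IPv4 address
    }
    return 'ping -c 3 ' . escapeshellarg($target);
}

// Runs the ping only when validation passed; returns the exit status and the output.
function ping_host(string $target): array
{
    $cmd = build_ping_command_safe($target);
    if ($cmd === null) {
        return ['ok' => false, 'output' => 'Invalid IPv4 address'];
    }
    exec($cmd . ' 2>&1', $lines, $status);
    return ['ok' => $status === 0, 'output' => implode("\n", $lines)];
}

// Constructed sample inputs: a plain address and the input submitted in this recipe.
$samples = ['192.168.56.1', '192.168.56.1;uname -a'];

foreach ($samples as $input) {
    $safe = build_ping_command_safe($input);
    printf("input:      %s\n", $input);
    printf("vulnerable: %s\n", build_ping_command_vulnerable($input));
    printf("hardened:   %s\n\n", $safe ?? '(rejected: not an IPv4 address)');
}
```

The loop only prints the command strings so the difference is visible without running anything; ping_host() is what a form handler would call.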