Greetings to all from a springtime Constantinople,
In this article, I will explain to you during application tests, which commands can be used to trigger code injection vulnerability on the software technology of the target application.
1. We were informed by our project manager that I would conduct tests on private.com.
2. As always, I first verified the coverage form and started the necessary security testing.
3. First of all, I started the reconnaissance steps on the target application, one of the most important information I gained after the reconnaissance steps was that the application was PHP-based.
So what does this mean for us?
By learning which language the target application is coded in, we can take advantage of various hardening deficiencies and problems of the relevant software technology, and we can make good findings in a short time.
4. I completed various reconnaissance steps on the target application and passed to the next stage, and I found vulnerabilities at various levels, but the most motivated one was the detection of code injection vulnerability.
To briefly explain the code injection vulnerability:
Code injection, also called Remote Code Execution (RCE), occurs when an attacker exploits an input validation flaw in software to introduce and execute malicious code. Code is injected in the language of the targeted application and executed by the server-side interpreter. Any application that directly uses unvalidated input is vulnerable to code injection, and web applications are a prime target for attackers. — Zbigniew Banach
5. From this point of view, I wanted to obtain delays by using passthru or sleep function to verify the code injection vulnerability on a PHP-based target application to a large extent.I detected the domain address:
at this address, we can answer the question of how to run system commands on many programming languages.
6. “passthru(“ls”);” on the private.com application with reference to the address I specified. and “sleep(5);” I was able to verify the delay on the target application using the functions and started the exploits to further the vulnerability.
When starting the tests on the target application, it is very important to determine which software technology was used first. Because vulnerabilities such as “code injection” can be injected in the software language of the targeted application, knowing which software technology is used on the relevant application will speed up the process.