Showing posts from April, 2017

Code injection

Hi guys, I am going to solve the PentesterLab Code injection exercise. If you don't know about code injection, it is one of the big bugs: it lets an attacker execute code on the server. I will give a link that explains this bug in full.

Now let us begin. This section includes four tasks and shows how to get RCE and execute PHP code. This is the first challenge, so let's pwn it.

Pentesters try to trigger an error, and a simple way is to add double quotes. Nice: you can see it uses eval. eval is a PHP function that takes the string you pass it and evaluates it as PHP code.

Now that we get an error, let's try to understand how it works. If you look at the second picture, it is expecting `!`, and if you compare it with the first one you can see `!!!`. If you change the name in the parameter, it still adds `!!!` to the end.

After reversing the code, I can write simple code that acts like this.

Now that we have the simple code, let's try to fix the error. If you add "." it fixes the error and
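The behaviour described above (the name is pasted into a string that ends in `!!!` and handed to eval) can be shown beside a hardened form. This is an added example, not the post's or PentesterLab's code: the eval string is an assumed reconstruction, the function names are hypothetical, and it needs PHP 7.4 or later.

```php
<?php
// Assumed reconstruction of the pattern the post describes, not the lab's
// real source: "name" is pasted into PHP source that ends in "!!!".
function build_eval_source(string $name): string
{
    return 'echo "Hello ' . $name . '!!!";';
}

// Vulnerable form (shown for contrast, never called below): the request
// parameter becomes part of the code that eval() executes.
function greet_vulnerable(string $name): void
{
    eval(build_eval_source($name));
}

// Hardened form: no eval(); the value stays data and is HTML-encoded.
function greet_safe(string $name): string
{
    return 'Hello ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '!!!';
}

// Classify what the input does to the generated source, using the
// tokenizer only. Nothing is executed.
function classify(string $name): string
{
    try {
        $tokens = token_get_all('<?php ' . build_eval_source($name), TOKEN_PARSE);
    } catch (ParseError $e) {
        return 'parse error: ' . $e->getMessage();
    }
    $shape = array_map(fn($t) => is_array($t) ? $t[0] : $t, $tokens);
    $intended = [T_OPEN_TAG, T_ECHO, T_WHITESPACE, T_CONSTANT_ENCAPSED_STRING, ';'];
    return $shape === $intended ? 'one string literal, as intended'
                                : 'parses, but input changed the code structure';
}

// Constructed sample inputs: a plain name, the lone double quote, and the
// quote-dot-quote input the post says makes the error go away.
foreach (['alice', 'alice"', 'alice"."'] as $name) {
    printf("%-10s %s\n", $name, classify($name));
    printf("%-10s safe output: %s\n", '', greet_safe($name));
}
```

The third input parses cleanly, which is why a missing error message is not evidence that the input was handled as data.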