Lab 2.3‐Command Injection Vulnerabilities ‐ Grepper - FlameSpyro/Tech-Journal GitHub Wiki
- To start, we need to make a new webpage and boot it up with PHP.
```php
<!-- Lab page: deliberately vulnerable to command injection -->
<form id="logform" method="post">
  <div>Search Term: <input type="text" name="search"></div>
  <div class="full-width"><br>
    <button type="submit">Search</button>
  </div>
</form>
<?php
if (isset($_POST['search'])) {
    $searchterm = $_POST['search'];
    echo "<div>";
    echo "<h1>Searchterm:" . $searchterm . "</h1>";
    echo "</div>";
    echo "<pre>";
    // Vulnerable on purpose: the search term is concatenated into a shell command line.
    passthru("cat /usr/share/wordlists/rockyou.txt | grep " . $searchterm);
    echo "</pre>";
}
?>
```
- And look, a seemingly normal webpage that lets us search through rockyou. Let's break it!
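- All we have to do is take any search that yields results and add `&& ip a` after it, and it will spill some info at the bottom! The search has to match something because `&&` only runs the second command when `grep` exits successfully.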
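The injection works because `passthru()` hands the concatenated string to a shell, which parses `&&` as a command separator. A hardened version of the search, as an added example that is not part of the lab: `grep_wordlist()` and the temporary wordlist are assumed names and constructed data, and it assumes PHP 7.4 or later on Linux.

```php
<?php
// Added example, not the lab's code. grep_wordlist() and the sample
// wordlist below are illustrative names and constructed data.
function grep_wordlist(string $term, string $wordlist, int $max = 100): array
{
    if ($term === '' || strlen($term) > 128 || strpos($term, "\0") !== false) {
        return [];  // reject empty, oversized or NUL-containing input up front
    }
    // Array form of proc_open() (PHP >= 7.4) executes grep directly with no
    // /bin/sh in between, so &&, ;, | and backticks in $term are plain bytes.
    //   -F  match a fixed string rather than a regex
    //   -m  stop after $max matching lines
    //   --  end of options, so a term starting with "-" stays a pattern
    $argv = ['grep', '-F', '-m', (string) $max, '--', $term, $wordlist];
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start grep');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === '' ? [] : explode("\n", rtrim($out, "\n"));
}

// Constructed wordlist so the example runs offline.
$wordlist = tempnam(sys_get_temp_dir(), 'wl_');
file_put_contents($wordlist, "password\npassword1\nletmein\n");

// The second term is the lab's payload; here it is only ever a search string.
foreach (['password', 'password && ip a', '-f /etc/passwd'] as $term) {
    $hits = grep_wordlist($term, $wordlist);
    // htmlspecialchars() is what the page must apply before echoing into HTML.
    printf("%s: %d match(es) %s\n", htmlspecialchars($term), count($hits), implode(',', $hits));
}
unlink($wordlist);
```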