From the course: Ethical Hacking: Hacking Web Servers and Web Applications
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Injecting commands through the URL
From the course: Ethical Hacking: Hacking Web Servers and Web Applications
Injecting commands through the URL
- [Instructor] I scripted up a PHP-based webpage on Metasploitable called commandget.php. It's in the folder "/var/www". And we'll use this to demonstrate how we can inject arbitrary operating system commands into a Web server. The purpose of the PHP script is to do an nslookup of the host and display the results. The script starts with an HTML header and webpage heading followed by a PHP script to do the lookup. Note the isset command which ensures that, if no host has been specified on the URL, the script just continues to display a form for the names of a lookup. Okay, let's run this. I'll browse to the Metasploitable page from Iceweasel. Okay, I'll submit the query with the default selection and we get the results for Amazon. I'll run it again and select Google. We can see, on the URL, the host name inserted. I'll add a semicolon to the end of the line and then append the ls command and I'll send the URL to the…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.