Closed daffainfo closed 4 years ago
Hello, I found a PHP code injection. I am using the system() function in PHP to test it. When I run a simple PHP code injection payload to read /etc/passwd:
<?php system('cat /etc/passwd'); ?>
The output will be like this
That is OK, code is run in a sandboxed environment. The same thing can be achieved with Bash.
Thanks for the heads up though and let me know if you found a bug that allowed you to exploit the IDE or API.