2014.11.08 21:45

## php mail function php injection

With that said, let’s just dive into it!

This is the code for exploiting the mail() function

Let’s inspect the logs from this. First let’s have a look at what we can see in the browser by only going to the rce.php file

Nothing really scary to see in this log. Now, let’s use the `cat`command in the terminal on the same file

See anything a bit more interesting? Let’s try to execute some commands.

I visit http://localhost/rce.php?cmd=ls%20-la and get the following output

Now, let me break it down in case you don’t fully understand the code

#### 'Web_Hacking' 카테고리의 다른 글

 [ python ] whitehat 웹해킹 문제 블라인드 인젝션 exploit 코드  (0) 2015.10.24 2015.03.03 2014.11.08 2013.10.05 2013.09.15 2013.09.15