Forum Thread: Command Execution on DVWA High Security Level?

How to execute command on DVWA high security level?

Here is the code:

Command Execution Source


<?php

if( isset( $_POST[ 'submit' ] ) ) {

    $target = $_REQUEST[ "ip" ];

    $target = stripslashes( $target );

    // Split the IP into 4 octets
    $octet = explode(".", $target);

    // Check IF each octet is an integer
    if ((is_numeric($octet[0])) && (is_numeric($octet[1])) && (is_numeric($octet[2])) && (is_numeric($octet[3])) && (sizeof($octet) == 4) ) {

        // If all 4 octets are int's put the IP back together.
        $target = $octet[0].'.'.$octet[1].'.'.$octet[2].'.'.$octet[3];

        // Determine OS and execute the ping command.
        if (stristr(php_uname('s'), 'Windows NT')) {

            $cmd = shell_exec( 'ping ' . $target );
            echo '<pre>'.$cmd.'</pre>';

        } else {

            $cmd = shell_exec( 'ping -c 3 ' . $target );
            echo '<pre>'.$cmd.'</pre>';

        }

    }

    else {
        echo '<pre>ERROR: You have entered an invalid IP</pre>';
    }

}



2 Responses

The high security setting is supposed to demonstrate the correct way to perform the exploited function. In other words, it's not meant to be exploitable in this setting.
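
An added example, not part of the original thread and not DVWA's own code: the allowlist idea from the posted source written as a stricter check. `is_numeric()` accepts any numeric string, so octets such as `999` or `1e3` pass the posted test even though they are not valid IPv4 octets; `filter_var()` with `FILTER_VALIDATE_IP` accepts only a well-formed dotted quad, and `escapeshellarg()` quotes the value as a single argument. The function names and sample inputs are constructed for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not DVWA's.

// Same logic as the check posted in the thread (explode + is_numeric),
// with the element count tested first to avoid undefined-index notices.
function posted_check(string $ip): bool {
    $octet = explode('.', $ip);
    return sizeof($octet) == 4
        && is_numeric($octet[0]) && is_numeric($octet[1])
        && is_numeric($octet[2]) && is_numeric($octet[3]);
}

// Stricter allowlist: only a well-formed IPv4 dotted quad is accepted.
function strict_check(string $ip): bool {
    return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
}

// Build the ping command only from validated input, and still quote it
// so the shell always sees the address as one argument.
function build_ping(string $ip): ?string {
    if (!strict_check($ip)) {
        return null;
    }
    $count = stristr(php_uname('s'), 'Windows NT') ? '' : '-c 3 ';
    return 'ping ' . $count . escapeshellarg($ip);
}

// Constructed sample inputs: valid, out-of-range, exponent notation,
// leading whitespace, too few octets, and trailing shell text.
$samples = [
    '192.168.1.10',
    '999.1.1.1',
    '1e3.0.0.1',
    ' 10.0.0.1',
    '10.0.0',
    '127.0.0.1; echo test',
];

foreach ($samples as $s) {
    printf(
        "%-26s posted=%-5s strict=%-5s cmd=%s\n",
        json_encode($s),
        var_export(posted_check($s), true),
        var_export(strict_check($s), true),
        build_ping($s) ?? '(rejected)'
    );
}
```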


I've found tutorials for SQL injections and CSRF in high security, so I think there is a way for it too.
