How to execute command on DVWA high security level?
Here is the code:
Command Execution Source
<?php
if( isset( $_POST[ 'submit' ] ) ) {
    $target = $_REQUEST[ "ip" ];
    $target = stripslashes( $target );
    // Split the IP into 4 octets
    $octet = explode(".", $target);
    // Check IF each octet is an integer
    if ((is_numeric($octet[0])) && (is_numeric($octet[1])) && (is_numeric($octet[2])) && (is_numeric($octet[3])) && (sizeof($octet) == 4) ) {
        // If all 4 octets are int's put the IP back together.
        $target = $octet[0].'.'.$octet[1].'.'.$octet[2].'.'.$octet[3];
        // Determine OS and execute the ping command.
        if (stristr(php_uname('s'), 'Windows NT')) {
            $cmd = shell_exec( 'ping ' . $target );
            echo '<pre>'.$cmd.'</pre>';
        } else {
            $cmd = shell_exec( 'ping -c 3 ' . $target );
            echo '<pre>'.$cmd.'</pre>';
        }
    }
    else {
        echo '<pre>ERROR: You have entered an invalid IP</pre>';
    }
}
?>
2 Responses
The high security setting is supposed to demonstrate the correct way to perform the exploited function. In other words, it's not meant to be exploitable in this setting.
-Defalt
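An added example, not part of the original thread and not DVWA's own code: it runs the octet check from the posted source next to a stricter validator over constructed inputs, to show what each accepts before anything reaches the shell. The function names, the use of filter_var() and escapeshellarg(), and the sample values are assumptions of this example; no command is executed, the string is only built.

```php
<?php
// Added example, not DVWA code. Nothing is executed here; the ping
// command string is only built so the validators can be compared.

// The check from the posted source: four dot-separated parts,
// each of which must satisfy is_numeric().
function octet_check(string $target): bool {
    $octet = explode(".", $target);
    if (sizeof($octet) != 4) {
        return false;
    }
    foreach ($octet as $part) {
        if (!is_numeric($part)) {
            return false;
        }
    }
    return true;
}

// Stricter variant (assumption of this example): accept only a
// canonical dotted-quad IPv4 address with each octet in 0-255.
function strict_ipv4(string $target): bool {
    return filter_var($target, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
}

// Build the command with the argument quoted as a second layer,
// so the validator is not the only thing between input and shell.
function build_ping(string $target): ?string {
    if (!strict_ipv4($target)) {
        return null;
    }
    return 'ping -c 3 ' . escapeshellarg($target);
}

// Constructed sample inputs (not taken from the thread).
$samples = ['192.168.1.10', '999.0.0.1', '1e1.0.0.1', '+127.0.0.1', '127.0.0.1;x', '10.0.0'];

foreach ($samples as $s) {
    printf("%-14s octet_check=%-5s strict_ipv4=%-5s cmd=%s\n",
        $s,
        var_export(octet_check($s), true),
        var_export(strict_ipv4($s), true),
        build_ping($s) ?? '(rejected)');
}
```

Both validators reject the input containing a shell metacharacter; the strict one additionally rejects numeric strings that are not valid IPv4 octets.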
I've found tutorials for SQL injections and CSRF in high security, so I think there is a way for it too.