Course

This course details the steps to exploit a command injection vulnerability in the PHPMailer library, which is used across a wide range of PHP projects. The vulnerability allows an attacker to inject extra arguments into the sendmail command, enabling the creation of a PHP file in the web root of the server. Once the file is created, the attacker can achieve command execution by injecting a simple web shell into the email's body.

The exploitation process is demonstrated in two main steps: creating a file with a PHP extension and accessing the newly created file. The course provides a detailed explanation and practical examples of how to carry out these steps, even overcoming input validation barriers within the application. By the end of the lab, participants will understand how to exploit this vulnerability to gain command execution on vulnerable PHP applications.