PHP Snippet #07

Bookmarked!

This challenge covers the review of a snippet of code written in PHP

PRO
Tier
Easy
< 1 Hr.
0

The Code Review Snippet challenge gives you a snippet of PHP code that contains a security vulnerability. The task is to find the issue without watching the video initially. The provided code checks if the $_GET["count"] parameter is set and falls within a specified range before using it in a system command to ping pentesterlab.com. However, this code is vulnerable to command execution attacks because it does not verify whether $_GET["count"] is an integer.

In the video, the vulnerability is explained in detail. The code checks if $_GET["count"] is greater than zero and less than or equal to four, but it does not ensure that it is an integer. As a result, a malicious user can inject additional commands by including a semicolon in the count parameter. For example, a value of 1;touch /tmp/command_execution would be cast to 1 for the comparisons but would execute the additional touch command when concatenated to the ping command, resulting in unintended command execution.

Want to learn more? Get started with PentesterLab Pro! GOPRO