RCE via argument injection
Bookmarked!This exercise covers a remote command execution vulnerability via argument injection
In this course, you'll learn to exploit a vulnerability akin to CVE-2020-7115. The application in question uses the clamscan
command to check uploaded files for malware. The crafted filenames can be manipulated to execute arbitrary code by bypassing security functions such as basename
and escapeshellcmd()
in PHP.
The lab demonstrates how to exploit more complex command execution scenarios. Despite the limitations imposed by basename
and escapeshellcmd()
, you will learn how to forge your own exploit to gain command execution on a server. This exercise is designed to enhance your understanding of intricate command injection vulnerabilities and their exploitation.