Course

In this course, you'll learn to exploit a vulnerability akin to CVE-2020-7115. The application in question uses the `clamscan` command to check uploaded files for malware. The crafted filenames can be manipulated to execute arbitrary code by bypassing security functions such as `basename` and `escapeshellcmd()` in PHP.

The lab demonstrates how to exploit more complex command execution scenarios. Despite the limitations imposed by `basename` and `escapeshellcmd()`, you will learn how to forge your own exploit to gain command execution on a server. This exercise is designed to enhance your understanding of intricate command injection vulnerabilities and their exploitation.