Code Injection/Execution In this vulnerability an attacker maliciously takes advantage of a script which contains system functions/calls, to read or execute files on a remote server. This is synonymous to having a backdoor shell. Needless to say that under certain circumstances privilege escalation is possible. In this example a script is using the exec() function to execute the ping command. However, the host is dynamic as it is being passed via an HTTP GET request. PHP Injection/Execution PHP code injection is a vulnerability that allows an attacker to inject custom code into the server side scripting engine. This vulnerability occurs when an attacker can control all or part of an input string that is fed into an eval() function call. Eval will execute the argument as code.
Technical Bandey provides useful digital tips and resources on software, apps and gadgets you can't live without.