Hi, ran into this problem recently, probably a very simple explanation, but I didn't quite understand why it didn't work and couldn't find a lot of helpful information online.
So, essentially, I was on a CTF and found an XSS vulnerability from user input by using alert(0) with script tags. Not very helpful at the time, but I then noticed that it was a .php page, so I thought maybe I could try putting php code into the user input, and was hoping that when the page loaded with the php code in it, it might execute. I figured I'd use a small payload to see if it'd work, and used
<?php echo "<pre>" . shell_exec($_GET["cmd"]) . "</pre>"; ?> A pretty simple payload that just executes whatever shell command you send it, copied off the internet. I checked view source after inputting the php code, and the page with the xss did have the php code in it, however, when I went to the page and inserted a command like example.php?cmd='whoami', it didn't execute. I tried closing any open tags, commenting out the rest of the page, etc., to no avail though. Not very surprising it didn't execute as it'd likely be a huge vulnerability in php pages, but I don't quite understand why it didn't execute if the php code is stored in the page now. Does the php also only execute locally, kind of like how I understand javascript XSS works? If anyone could explain a little bit, that'd be great!
[link] [comments]
from hacking: security in practice https://ift.tt/xQ07zZr
Comments
Post a Comment