PHP Command Injection Vulnerability in Web applications

Create a new PHP file, name it test_command_injection.php, and save it inside Apache’s htdocs directory:

<?php
// Deliberately vulnerable: the file name is taken straight from the query
// string and handed to unlink() without any validation.
if(isset($_GET['filename']))
{
	$filename = $_GET['filename'];
	// file_exists() only confirms that the path exists; it is not a security
	// check and happily accepts absolute paths and ../ traversal sequences.
	if(file_exists($filename))
	{
		unlink($filename);
	}
}

Open your favorite browser and load the URL: http://localhost/test_command_injection.php?filename=path_to_file_4_deletion

As you can see, any file on the system can be deleted if you supply the right path: the filename value is used exactly as given, so an absolute path or a ../ traversal sequence reaches far outside htdocs. The only limit is the privilege of the account Apache runs as, because unlink() succeeds wherever that account has write permission on the file's parent directory.
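The hardened counterpart, as an added example that is not part of the original post: it assumes a single fixed upload directory (a hypothetical uploads/ folder) as the only place files may be deleted from, restricts the request to a plain file name, and then verifies the realpath()-canonicalised target still lies inside that directory, which defeats ../ traversal, absolute paths and symlinks that a file_exists() check does not. The demonstration at the bottom builds a throwaway directory tree with constructed inputs and runs from the CLI on a Unix-like system.

```php
<?php
// Added example (not from the original post): a hardened replacement for the
// unlink() call in test_command_injection.php. Assumption for this example:
// deletable files live in exactly one directory ($allowedDir).

function safe_unlink(string $requestedName, string $allowedDir): bool
{
    // Canonicalise the allowed directory once; realpath() returns false if
    // it does not exist.
    $base = realpath($allowedDir);
    if ($base === false) {
        return false;
    }
    $base = rtrim($base, '/') . '/';

    // Accept only a plain file name: no separators, no NUL bytes, no dot
    // files, bounded length. This alone stops ../ and absolute paths; the
    // realpath() comparison below is defence in depth.
    if ($requestedName === '' || strlen($requestedName) > 255
        || preg_match('/^[A-Za-z0-9._-]+$/', $requestedName) !== 1
        || $requestedName[0] === '.') {
        return false;
    }

    // Canonical path of the target; false if it does not exist.
    $target = realpath($base . $requestedName);
    if ($target === false) {
        return false;
    }

    // The canonical target must start with the canonical base directory.
    // A symlink inside $allowedDir that points at /etc/passwd resolves to a
    // path outside $base and is rejected here.
    if (strncmp($target, $base, strlen($base)) !== 0) {
        return false;
    }

    // Regular files only; never directories or special files.
    if (!is_file($target)) {
        return false;
    }

    return unlink($target);
}

// --- Demonstration with constructed input (run from the CLI) --------------
// Throwaway tree: uploads/ holds one legitimate file and one symlink that
// escapes the directory; secret.txt sits outside uploads/.
$root = sys_get_temp_dir() . '/unlink_demo_' . getmypid();
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/uploads/report.txt', "legit\n");
file_put_contents($root . '/secret.txt', "outside the allowed directory\n");
symlink($root . '/secret.txt', $root . '/uploads/escape.txt');

// Values an attacker might send as ?filename=...; only the first is legitimate.
$inputs = [
    'report.txt',          // allowed: regular file inside uploads/
    '../secret.txt',       // traversal: rejected by the name filter
    $root . '/secret.txt', // absolute path: rejected by the name filter
    'escape.txt',          // symlink out of uploads/: rejected by the realpath check
    '.htaccess',           // dot file: rejected
];

foreach ($inputs as $name) {
    $result = safe_unlink($name, $root . '/uploads') ? 'deleted' : 'refused';
    printf("%-60s %s\n", var_export($name, true), $result);
}

// secret.txt must survive every request above.
echo file_exists($root . '/secret.txt') ? "secret.txt intact\n" : "secret.txt LOST\n";

// Clean up the throwaway tree.
@unlink($root . '/uploads/escape.txt');
@unlink($root . '/uploads/report.txt');
@unlink($root . '/secret.txt');
@rmdir($root . '/uploads');
@rmdir($root);
```

The important design choice is that the check compares canonical paths rather than inspecting the raw string for "..": realpath() resolves symlinks and relative components before the prefix comparison, so a file that is reachable through uploads/ but physically lives elsewhere is still refused. Wire it into the original script as safe_unlink($_GET['filename'], '/var/www/uploads') or wherever the application keeps user-deletable files.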
