A Little Helper – The PHP Command Shell

Michael Schneider

doi:10.5281/zenodo.3521831

Published August 24, 2017 | Version v1

Journal article Open

A Little Helper – The PHP Command Shell

Michael Schneider¹

1. scip AG

Contributors

Editor:

Marc Ruef¹

1. scip AG

Command injection involves inserting a command into an existing command chain. The classic case is to add a command to a ping parameter. PHP offers various mechanisms for executing commands in the file system. Our PHP scripts seek out these kinds of attack vectors in systems.

Notes

This paper was written in 2017 as part of a research project at scip AG, Switzerland. It was initially published online at https://www.scip.ch/en/?labs.20170824 and is available in English and German. Providing our clients with innovative research for the information technology of the future is an essential part of our company culture.

Files