Loading video...

Video Failed to Load

Go Home

Improperly Secured PHP Functions Can Lead to Full System Acces 🧵

offsectraining's profile picture

OffSec

320,939 subscribers

11,993 views • 1 year ago •via X (Twitter)

Science & Technology
LIVE

Anya Rossi• Live Now

Private livecam show

5 Comments

OffSec's profile picture
OffSec1 year ago

A vulnerable PHP function, system(), allowed us to execute arbitrary commands on the target. By capturing a generated password and modifying the request, we successfully executed id—proving remote code execution (RCE) was possible.

OffSec's profile picture
OffSec1 year ago

What this means: ⭕️ Attackers can escalate this to a reverse shell, gaining full control over the system. ⭕️ Web apps that allow unsanitized user input in system commands are high-risk targets.

OffSec's profile picture
OffSec1 year ago

Key takeaway: If you're securing web applications, always assume input can be weaponized and lock down execution paths before attackers do. Prevent this by disabling functions (system, exec, shell_exec) and implementing proper input validation.

OffSec's profile picture
OffSec1 year ago

For more tutorials, join OffSec Live: 🗓️ Friday, February 14th, 2025 at 6:00 p.m. ET 💻 PG Practice Machine: Shiftdel 🎯 Topic: PEN-200 - Common Web Application Attacks, Locating Public Exploits and Linux Privileges Escalation

毛玉真's profile picture
毛玉真1 year ago

确实,PHP函数如果没有妥善保护,可能会导致系统被完全访问。这提醒我们在开发中要加强安全措施,确保代码安全,避免潜在风险。💰

Related Videos

LEAD SECURED ✅
0:56

LEAD SECURED ✅

Rays on FanDuel Sports Network

10,271 views • 2 years ago

Finished full tile and object interaction + action system I'm building my own game engine in JS. Should have the basic engine functions ready now. Time to add fun things ✨
0:24

Finished full tile and object interaction + action system I'm building my own game engine in JS. Should have the basic engine functions ready now. Time to add fun things ✨

Danny Postma

38,658 views • 1 year ago

Introducing #Chainlink Functions—the serverless #Web3 platform for connecting any data, device, or system to smart contracts. Functions brings Web2 services like Amazon Web Services, Meta, and Google Cloud on-chain to empower devs to #LinkTheWorld to Web3.
0:24

Introducing #Chainlink Functions—the serverless #Web3 platform for connecting any data, device, or system to smart contracts. Functions brings Web2 services like Amazon Web Services, Meta, and Google Cloud on-chain to empower devs to #LinkTheWorld to Web3.

Chainlink

359,681 views • 3 years ago

Pitchfest Opener by Tina Dai ✨ co-lead of Bufficorn Ventures Full video below 👇🧵
0:34

Pitchfest Opener by Tina Dai ✨ co-lead of Bufficorn Ventures Full video below 👇🧵

ETHDenver 🏔🦬🦄

38,935 views • 3 months ago

🗣️ Important reminder: All MPs can now correct the official record when they make a mistake. This improvement to the parliamentary correction system comes after campaigning from Full Fact. We hope to see our politicians lead by example.
0:33

🗣️ Important reminder: All MPs can now correct the official record when they make a mistake. This improvement to the parliamentary correction system comes after campaigning from Full Fact. We hope to see our politicians lead by example.

Full Fact

59,422 views • 1 year ago

We sat down with Epic Engineering Lead Aidan McDu to discuss how the new Custom Lightsaber system was built in UEFN. Using Custom Inventory & Items and Verse, players can create their own lightsaber with unique hilts, crystals, Force abilities, and more. Here's how the team brought customizable lightsabers to Fortnite 🧵:
0:25

We sat down with Epic Engineering Lead Aidan McDu to discuss how the new Custom Lightsaber system was built in UEFN. Using Custom Inventory & Items and Verse, players can create their own lightsaber with unique hilts, crystals, Force abilities, and more. Here's how the team brought customizable lightsabers to Fortnite 🧵:

Fortnite Developers

36,197 views • 1 month ago

2. Why brain health matters. Your brain controls every system in your body: • Nervous system • Immune response • Hormone regulation A neglected brain can lead to: • Brain fog • Mood swings • Poor memory • Neurodegenerative diseases.
0:59

2. Why brain health matters. Your brain controls every system in your body: • Nervous system • Immune response • Hormone regulation A neglected brain can lead to: • Brain fog • Mood swings • Poor memory • Neurodegenerative diseases.

Joey Yochheim

328,443 views • 1 year ago

In Coach Cortney Braswell’s system, Cover 6 functions as a boundary-reduction call: 🔹 Cover 2 to boundary, Quarters to field 🔹 9-tech Anchor = force, Mike spills, Will boxes 🔹 Structure aligns to field/boundary, not formation Full breakdown:
1:29

In Coach Cortney Braswell’s system, Cover 6 functions as a boundary-reduction call: 🔹 Cover 2 to boundary, Quarters to field 🔹 9-tech Anchor = force, Mike spills, Will boxes 🔹 Structure aligns to field/boundary, not formation Full breakdown:

Football Coach™️

25,594 views • 1 year ago

Tymek Kucharczyk has secured the lead after the opening- corner incident! 😲
0:54

Tymek Kucharczyk has secured the lead after the opening- corner incident! 😲

INDY NXT by Firestone

17,246 views • 19 days ago

Rosé easily secured the lead dancer position and people are still trying to convince everyone otherwise🫢 #ROSÉ #로제
1:03

Rosé easily secured the lead dancer position and people are still trying to convince everyone otherwise🫢 #ROSÉ #로제

Rosé Stan ( ၴႅၴ

43,728 views • 29 days ago

Breaking: We can now prove that AI is correct. DeepProve-1 is the first production-ready zkML system to cryptographically verify a full LLM inference. Lagrange has successfully proven the inference of OpenAI’s GPT-2, moving verifiable AI from theory to production: 🧵
0:22

Breaking: We can now prove that AI is correct. DeepProve-1 is the first production-ready zkML system to cryptographically verify a full LLM inference. Lagrange has successfully proven the inference of OpenAI’s GPT-2, moving verifiable AI from theory to production: 🧵

LAGRANGE

249,005 views • 10 months ago

🚨In Hong Kong, crossing the street improperly can result in a police citation, with pedestrians facing fines of up to $255.
0:31

🚨In Hong Kong, crossing the street improperly can result in a police citation, with pedestrians facing fines of up to $255.

RussiaNews 🇷🇺

20,078 views • 1 month ago

"You can't fix a system problem from the system creating the problem." - Jeff Booth ⚡️ The debt system is a psyop designed to steal your time. I sat down with Jeff Booth to discuss the inevitable collision between Exponential AI and Insolvent Debt. Full episode in 🧵
0:57

"You can't fix a system problem from the system creating the problem." - Jeff Booth ⚡️ The debt system is a psyop designed to steal your time. I sat down with Jeff Booth to discuss the inevitable collision between Exponential AI and Insolvent Debt. Full episode in 🧵

Peter McCormack 🏴‍☠️🇬🇧🇮🇪

26,094 views • 4 months ago

Refreshed castle building system More in🧵
0:50

Refreshed castle building system More in🧵

Highland Keep

61,875 views • 9 months ago

Crimson Desert has a Wanted System that can lead to you getting a bounty or going to jail for commiting crimes. Just look at all these dudes chasing him 😭
0:21

Crimson Desert has a Wanted System that can lead to you getting a bounty or going to jail for commiting crimes. Just look at all these dudes chasing him 😭

KAMI

510,841 views • 4 months ago

The Lorenz system is a model that describes chaotic behavior in atmospheric convection. Its study reveals how small changes in initial conditions can lead to different outcomes.
0:46

The Lorenz system is a model that describes chaotic behavior in atmospheric convection. Its study reveals how small changes in initial conditions can lead to different outcomes.

Samuel Vaiter

11,386 views • 1 year ago

China’s meritocratic system explained. Only the best rise to the top and lead.
2:46

China’s meritocratic system explained. Only the best rise to the top and lead.

Sentletse 🇿🇦🇷🇺🇵🇸🇱🇧

13,513 views • 1 year ago