Security ❀ Command Injection

Reader submission 708 2022-11-24


Contents

1. low
2. medium
3. high
4. impossible

1. low

Source analysis

```php
<?php
// Note: the opening lines of this listing were lost when the page was extracted
// (swallowed as an HTML tag); they are restored here from the DVWA low-level source.
if( isset( $_POST[ 'Submit' ]  ) ) {
    // Get input
    $target = $_REQUEST[ 'ip' ];

    // Determine OS and execute the ping command.
    if( stristr( php_uname( 's' ), 'Windows NT' ) ) {
        // Windows
        $cmd = shell_exec( 'ping ' . $target );
    }
    else {
        // *nix
        $cmd = shell_exec( 'ping -c 4 ' . $target );
    }

    // Feedback for the end user
    echo "<pre>{$cmd}</pre>";
}
?>
```

The source places no restriction on the input, so commands can be injected directly;

2. medium

Source analysis:

```php
<?php
// Note: the opening lines of this listing (up to the first blacklist key '&&') were
// lost when the page was extracted; they are restored here from the DVWA medium-level source.
if( isset( $_POST[ 'Submit' ]  ) ) {
    // Get input
    $target = $_REQUEST[ 'ip' ];

    // Set blacklist
    $substitutions = array(
        '&&' => '',
        ';'  => '',
    );

    // Remove any of the characters in the array (blacklist).
    $target = str_replace( array_keys( $substitutions ), $substitutions, $target );

    // Determine OS and execute the ping command.
    if( stristr( php_uname( 's' ), 'Windows NT' ) ) {
        // Windows
        $cmd = shell_exec( 'ping ' . $target );
    }
    else {
        // *nix
        $cmd = shell_exec( 'ping -c 4 ' . $target );
    }

    // Feedback for the end user
    echo "<pre>{$cmd}</pre>";
}
?>
```

3. high

Source analysis:

```php
<?php
// Note: the opening lines of this listing (up to the first blacklist key '&') were
// lost when the page was extracted; they are restored here from the DVWA high-level source.
if( isset( $_POST[ 'Submit' ]  ) ) {
    // Get input
    $target = trim( $_REQUEST[ 'ip' ] );

    // Set blacklist
    $substitutions = array(
        '&'  => '',
        ';'  => '',
        '| ' => '',
        '-'  => '',
        '$'  => '',
        '('  => '',
        ')'  => '',
        '`'  => '',
        '||' => '',
    );

    // Remove any of the characters in the array (blacklist).
    $target = str_replace( array_keys( $substitutions ), $substitutions, $target );

    // Determine OS and execute the ping command.
    if( stristr( php_uname( 's' ), 'Windows NT' ) ) {
        // Windows
        $cmd = shell_exec( 'ping ' . $target );
    }
    else {
        // *nix
        $cmd = shell_exec( 'ping -c 4 ' . $target );
    }

    // Feedback for the end user
    echo "<pre>{$cmd}</pre>";
}
?>
```

4. impossible

Source analysis: the source requires the input to be four integers, fully restricting it to an IP address;

```php
<?php
// Note: the opening lines of this listing were lost when the page was extracted;
// they are restored here from the DVWA impossible-level source.
if( isset( $_POST[ 'Submit' ]  ) ) {
    // Check Anti-CSRF token
    checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );

    // Get input
    $target = $_REQUEST[ 'ip' ];
    $target = stripslashes( $target );

    // Split the IP into 4 octets
    $octet = explode( ".", $target );

    // Check IF each octet is an integer
    if( ( is_numeric( $octet[0] ) ) && ( is_numeric( $octet[1] ) ) && ( is_numeric( $octet[2] ) ) && ( is_numeric( $octet[3] ) ) && ( sizeof( $octet ) == 4 ) ) {
        // If all 4 octets are int's put the IP back together.
        $target = $octet[0] . '.' . $octet[1] . '.' . $octet[2] . '.' . $octet[3];

        // Determine OS and execute the ping command.
        if( stristr( php_uname( 's' ), 'Windows NT' ) ) {
            // Windows
            $cmd = shell_exec( 'ping ' . $target );
        }
        else {
            // *nix
            $cmd = shell_exec( 'ping -c 4 ' . $target );
        }

        // Feedback for the end user
        echo "<pre>{$cmd}</pre>";
    }
    else {
        // Oops. Let the user know there's a mistake
        echo '<pre>ERROR: You have entered an invalid IP.</pre>';
    }
}

// Generate Anti-CSRF token
generateSessionToken();
?>
```
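To make the contrast between the blacklist approach of the medium and high levels and the allowlist check of the impossible level concrete, here is an added example written for this page; it is not DVWA's own code. It mirrors the impossible level's is_numeric() octet check in impossible_level_accepts() and sets it beside a strict validator built on PHP's filter_var(FILTER_VALIDATE_IP) with escapeshellarg() as a second layer. The function names and the sample inputs in sample_cases() are assumptions made for the example.

```php
<?php
// Added example (not DVWA code): allowlist validation of a ping target versus the
// "impossible" level's is_numeric()-based octet check.

// Mirrors the impossible level's check: four dot-separated parts, each is_numeric().
// The count() test runs first only to avoid an undefined-index warning on short inputs.
function impossible_level_accepts(string $target): bool {
    $octet = explode('.', $target);
    return count($octet) === 4
        && is_numeric($octet[0]) && is_numeric($octet[1])
        && is_numeric($octet[2]) && is_numeric($octet[3]);
}

// Strict allowlist: the whole string must be a dotted-quad IPv4 address.
// FILTER_VALIDATE_IP rejects whitespace, signs, exponent notation and octets above 255.
function is_strict_ipv4(string $target): bool {
    return filter_var($target, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
}

// Build the command only from a validated value. escapeshellarg() is defence in depth:
// even if the validator had a gap, the argument could not become shell syntax.
function build_ping_command(string $target): ?string {
    if (!is_strict_ipv4($target)) {
        return null;
    }
    $arg = escapeshellarg($target);
    return PHP_OS_FAMILY === 'Windows' ? 'ping ' . $arg : 'ping -c 4 ' . $arg;
}

// Constructed sample inputs (assumptions for this example):
// [input, accepted by the impossible-level check, accepted by the strict check]
function sample_cases(): array {
    return [
        ['127.0.0.1',    true,  true],
        ['1e1.0.0.1',    true,  false],  // is_numeric() accepts exponent notation
        [' 1.2.3.4',     true,  false],  // is_numeric() tolerates leading whitespace
        ['300.1.1.1',    true,  false],  // is_numeric() does not range-check octets
        ['1.2.3',        false, false],  // only three parts
        ['127.0.0.1;ls', false, false],  // metacharacter makes the last part non-numeric
    ];
}

// Returns true when every constructed case behaves as listed above.
function self_check(): bool {
    foreach (sample_cases() as [$input, $expectImpossible, $expectStrict]) {
        if (impossible_level_accepts($input) !== $expectImpossible) {
            return false;
        }
        if (is_strict_ipv4($input) !== $expectStrict) {
            return false;
        }
    }
    return build_ping_command('127.0.0.1') !== null
        && build_ping_command('1e1.0.0.1') === null;
}

if (PHP_SAPI === 'cli') {
    echo self_check() ? "all cases behave as expected\n" : "mismatch\n";
}
```

Run it from the command line with `php`. The point of the sample cases is that is_numeric() answers a different question from "is this an IPv4 address": it accepts "1e1", " 1" and "300", so the impossible level rebuilds strings such as "1e1.0.0.1" and hands them to ping. None of those reach the shell as syntax, which is why the level holds up against injection, but a validator that checks the real property (filter_var with FILTER_VALIDATE_IP) and then quotes the argument (escapeshellarg) is the pattern to copy into production code, rather than the str_replace blacklists of the medium and high levels.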
