In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-25 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
Let's start by analyzing the Command Execution command execution vulnerability in DVWA.
First of all, set DVWA Security to Low, select Command Execution, enter an IP in the text box, and click Submmit submit to execute the ping command.
Click "View Source" to view the source code of the page.
As you can see, the data here is submitted as post and assigned to the variable $target.
Next, there is an if statement, the judgment condition is "stristr (php_uname ('s'), 'Windows NT')", which is used to determine whether the current system is Windows, because the ping command execution parameters under Windows and Linux are different.
Next is to assign the value of the function "shell_exec ('ping'. $target)" to the variable $cmd, and output the value of $cmd, which is actually executing the "shell_exec ('ping'. $target)" function, so the shell_exec () function is the core here.
The purpose of the shell_exec () function is to execute operating system commands in PHP, so if you do not filter the commands entered by the user, you can theoretically execute any system command, which is equivalent to directly obtaining the system-level Shell, so the power of the command containing vulnerabilities is much greater than that of SQL injection.
For example, when we type "127.0.0.1 | net user" into the text box, we actually execute the "net user" command through the pipe character "|". Once we understand the principle, we can continue to execute the commands "127.0.0.1 | net user test 123 / add" and "127.0.0.1 | net localgroup administrators test / add" to take down the entire server.
The main symbols that allow multiple commands to be executed at the same time under DOS are as follows:
"|": the output of the previous command is used as the input of the following command
"| |": execute the following command only when the previous command fails
"&": the previous command is executed, followed by the following command
"&": the previous command is executed successfully before the following command is executed.
If it is a Linux system, you can also use a semicolon (;), or you can execute multiple commands at the same time.
You can also use redirection (>) to generate files on the server, or use (
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
