Getting started with rce
2022-07-05 13:54:00 【Cwxh0125】
Brief introduction
Command injection means breaking the structure of a command statement by submitting maliciously constructed parameters, so as to execute malicious commands. PHP command injection is one of the common scripting vulnerabilities in PHP applications.
When an application needs to call external programs to process content, it uses functions that execute system commands, such as system, exec and shell_exec in PHP. When the user can control the parameters of a command execution function, malicious system commands can be injected into the normal command, resulting in a command execution attack. ------------ Training documents
RCE is divided into remote command execution (the ping case) and remote code execution (the eval case).
Cause of the vulnerability: the input is not processed at the input point.
Commonly seen on the web management interfaces of routers, firewalls, intrusion detection systems and similar devices.
Case study
The two RCE levels of the pikachu range are used as examples.
1. exec "ping"
Generally, the user is provided with a web interface for a ping operation. The user enters a target IP on the web interface; after submission, the back end runs a ping test against that IP address and returns the result. In effect, this is an interface that lets an attacker inject operating system commands or code directly into the back-end server and so control the back-end system. This is the RCE vulnerability. The specific back-end code is as follows:
$result.=shell_exec('ping '.$ip); // the variable is concatenated directly, with no processing
First, try pinging Baidu.
Then try splicing a command onto the end of the input.
Try viewing the directory.
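A hardened counterpart to the shell_exec('ping '.$ip) line above, as an added example that is not from the original post or the pikachu project: the input is accepted only if it parses as an IP literal, and is then quoted with escapeshellarg(). The function names, the Linux-style -c 4 option and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not the pikachu code): function names are hypothetical.

/**
 * Return the validated IP literal, or null if the input is not an IP address.
 */
function validate_ping_target(string $input): ?string
{
    $input = trim($input);
    // FILTER_VALIDATE_IP accepts only IPv4/IPv6 literals, so shell
    // metacharacters (; | & ` $ spaces, embedded newlines) never pass.
    // Hostnames are rejected too; they would need their own allow-list.
    $ip = filter_var($input, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

function safe_ping(string $input): string
{
    $ip = validate_ping_target($input);
    if ($ip === null) {
        return 'Invalid IP address';
    }
    // Defence in depth: quote the argument even though it is already validated.
    // Assumes a Linux ping, where -c sets the packet count.
    $cmd = 'ping -c 4 ' . escapeshellarg($ip);
    $out = shell_exec($cmd);
    return is_string($out) ? $out : 'ping failed';
}

// Constructed sample inputs: two valid literals, then inputs that the
// unfiltered concatenation would have passed straight to the shell.
$samples = [
    '127.0.0.1',
    '::1',
    '127.0.0.1; echo injected',
    '127.0.0.1 | echo injected',
    "127.0.0.1\necho injected",
    'baidu.com',
];
foreach ($samples as $s) {
    $ok = validate_ping_target($s);
    printf("%-30s => %s\n", json_encode($s), $ok === null ? 'rejected' : "accepted ($ok)");
}
```

Only the first two samples are accepted; the loop calls the validator alone, so running the script does not send any pings.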
2. exec "evel"
Back-end code:
if(@!eval($_POST['txt']))
Submit phpinfo(); directly.