Getting started with rce
2022-07-05 13:54:00 【Cwxh0125】
Brief introduction
Command injection means breaking the structure of a command statement by submitting maliciously constructed parameters, so that malicious commands are executed. PHP command injection is one of the common script vulnerabilities in PHP applications.
When an application needs to call external programs to process content, it uses functions that execute system commands, such as system, exec and shell_exec in PHP. When the user can control the parameters passed to a command execution function, malicious system commands can be injected into the normal command, resulting in a command execution attack. (Source: training documents)
RCE is divided into remote command execution (the "ping" case) and remote code execution (the "evel" case).
The reason for the vulnerability: the input is not processed at the point where it enters the application.
It is commonly found on the web management interfaces of routers, firewalls, intrusion detection systems and similar devices.
Case study
The two RCE levels of the pikachu range are used as examples.
1. exec "ping"
Typically, the user is given a web interface for a ping operation: the user enters a target IP in the web interface, and after submission the back end runs a ping test against that IP address and returns the result. In effect, this is an interface that lets an attacker inject operating system commands or code directly into the back-end server and so control the back-end system. This is the RCE vulnerability. The specific back-end code is as follows:
$result .= shell_exec('ping ' . $ip); // the variable is concatenated directly, with no processing
First, try pinging Baidu.
Then try appending a command after it.
Try to view the directory.
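A hardened form of the ping handler above, as an added example that is not part of the original post or of pikachu's code. The function names build_ping_command and handle_ping are hypothetical, and the code assumes a Linux ping (-c) and an IPv4-only input field.

```php
<?php
// Added example: the concatenated shell_exec('ping '.$ip) call, rewritten so
// that only a literal IPv4 address can ever reach the shell.
// build_ping_command() and handle_ping() are hypothetical names.

/**
 * Return a safe ping command line, or null if $ip is not a literal IPv4 address.
 */
function build_ping_command(string $ip): ?string
{
    $ip = trim($ip);
    // Allow-list check: anything that is not a syntactically valid IPv4
    // address is refused, so separators and extra words never get through.
    // Hostnames are refused as well; the form asks for an IP.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    // Defence in depth: quote the argument even though it is validated.
    // "-c 4" assumes a Linux ping (Windows uses "-n 4"); it also bounds the run time.
    return 'ping -c 4 ' . escapeshellarg($ip);
}

/**
 * Drop-in replacement for the vulnerable line: returns ping output or an error.
 */
function handle_ping(string $ip): string
{
    $cmd = build_ping_command($ip);
    if ($cmd === null) {
        return 'Invalid IP address.';
    }
    return (string) shell_exec($cmd);
}

// Constructed sample inputs. Only the resulting command line is printed here;
// nothing is executed.
$samples = ['127.0.0.1', 'www.baidu.com', '127.0.0.1; echo injected'];
foreach ($samples as $input) {
    $cmd = build_ping_command($input);
    printf("%-26s => %s\n", $input, $cmd ?? 'rejected');
}
```

Validation is the primary control here; escapeshellarg alone would still let the input act as a ping option if it began with a dash.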
2. exec "evel"
Back-end code:
if(@!eval($_POST['txt']))
Submit phpinfo(); directly.