

Example Analysis of the High-Level Command Execution Vulnerability in DVWA

2025-01-16 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 05/31

This article presents an example analysis of the high-level command execution vulnerability in DVWA, which readers may find useful as a reference.

Switch DVWA Security to the high level and view the page source code for Command Execution.

First, the submitted IP address is processed with the stripslashes() function, which removes the backslashes added by escaping. The reason has been explained before: because PHP's magic_quotes_gpc (magic quotes) is automatically enabled at the high level, all passed-in data is automatically escaped with the addslashes() function, so the added backslashes need to be removed with stripslashes().

Next, the explode() function splits the IP address in the $target variable using "." as the delimiter, producing an array that is assigned to the variable $octet.

Then an if statement uses the is_numeric() function to check, in turn, whether each value in the $octet array is numeric, and uses the sizeof() function to check whether the $octet array contains exactly 4 elements. This condition is very strict: it basically guarantees that the user input is a correct IP address, so none of the previously used command execution techniques work.

The limitation here is also obvious: this filtering method only works when the command parameter is an IP address. If we want to execute other system commands, this method will not work.
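The check described above, reconstructed as an added example (it is not DVWA's source and not code from the original article), run over constructed inputs next to a stricter variant. The function names `described_check` and `strict_check`, the sample inputs, and the use of `filter_var()` and `escapeshellarg()` are assumptions of this example.

```php
<?php
// Added example: rebuilds the check the article describes; not DVWA's own code.

// The check as described: strip slashes, split on ".", require exactly
// 4 parts, and require every part to pass is_numeric().
function described_check(string $input): ?string
{
    $target = stripslashes($input);
    $octet  = explode('.', $target);
    // sizeof() is tested first so the four index reads below are always defined.
    if (sizeof($octet) == 4
        && is_numeric($octet[0]) && is_numeric($octet[1])
        && is_numeric($octet[2]) && is_numeric($octet[3])) {
        // Rebuild the address from the validated parts only.
        return $octet[0] . '.' . $octet[1] . '.' . $octet[2] . '.' . $octet[3];
    }
    return null;
}

// Stricter variant (assumption of this example, not from the article):
// accept only a well-formed IPv4 address, so each octet must be 0-255.
function strict_check(string $input): ?string
{
    $ip = filter_var($input, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    return $ip === false ? null : $ip;
}

// Constructed sample inputs: one valid address, two with shell
// metacharacters, one with too few parts, one numeric but not an address.
$samples = [
    '192.168.1.10',
    '127.0.0.1;ls',
    '127.0.0.1 && dir',
    '10.0.0',
    '999.1e2.+7.08',
];

foreach ($samples as $s) {
    $a = described_check($s) ?? 'rejected';
    $b = strict_check($s) ?? 'rejected';
    printf("%-18s described=%-14s strict=%s\n", $s, $a, $b);
    if ($b !== 'rejected') {
        // Quote the argument even after validation (defence in depth).
        echo '  would run: ping ' . escapeshellarg($b) . "\n";
    }
}
```

Both checks reject the inputs containing shell metacharacters; the last sample shows that is_numeric() alone accepts values that are numeric but not valid octets, which the stricter variant rejects.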
