Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Arbitrary code execution vulnerability

2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

0x00 what is arbitrary code execution

When the application calls some functions that can convert a string into code (such as eval with multiple PHP), it does not consider whether the user can control the string, which will cause code injection vulnerabilities. In a narrow sense, code injection usually refers to injecting executable code into the current page, such as PHP's eval function, which can execute the code represented by the string as PHP code. When the user can control this string, there will be a code injection vulnerability (also known as command execution). In a broad sense, code injection can cover more than half of the classification of security vulnerabilities.

Why there is arbitrary code execution in 0x01

Several commonly used functional languages have related functions that convert strings into code to execute.

PHP = = > eval (), assert ()

Python = > exec ()

Asp = = >

Why 0x02 uses execute code functions

Applications sometimes consider flexibility and simplicity and call functions such as eval in the code to deal with it.

Function string2array (% data) {if ($data = =') return array (); @ eavl ("\ $array = $data"); return $array;} / / when the string accepted by $data is like this: $data = "array ('upload_maxsize' = >' 2048, 'upload_allowext' = >' jpg | jpge | gif | bmp | png | docx | xls | ppt | pptx | pdf | txt | rar | zip | swf', 'watermark_enable' = >' 1bike,)" / you can pass the string 'array (....)' through the eval () function. Assigning a value to $array as an array greatly improves the flexibility and simplicity of the code.

0x03 vulnerability classification

Eval (), assert () (not common)

Preg_replace + / e mode

0x04 vulnerability exploitation (local test)

Eval () = = >

# 1: # 2:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report