Shulou(Shulou.com)06/01 Report--

0x00 what is arbitrary code execution

When the application calls some functions that can convert a string into code (such as eval with multiple PHP), it does not consider whether the user can control the string, which will cause code injection vulnerabilities. In a narrow sense, code injection usually refers to injecting executable code into the current page, such as PHP's eval function, which can execute the code represented by the string as PHP code. When the user can control this string, there will be a code injection vulnerability (also known as command execution). In a broad sense, code injection can cover more than half of the classification of security vulnerabilities.

Why there is arbitrary code execution in 0x01

Several commonly used functional languages have related functions that convert strings into code to execute.

PHP = = > eval (), assert ()

Python = > exec ()

Asp = = >

Why 0x02 uses execute code functions

Applications sometimes consider flexibility and simplicity and call functions such as eval in the code to deal with it.

Function string2array (% data) {if ($data = =') return array (); @ eavl ("\ $array = $data"); return $array;} / / when the string accepted by $data is like this: $data = "array ('upload_maxsize' = >' 2048, 'upload_allowext' = >' jpg | jpge | gif | bmp | png | docx | xls | ppt | pptx | pdf | txt | rar | zip | swf', 'watermark_enable' = >' 1bike,)" / you can pass the string 'array (....)' through the eval () function. Assigning a value to $array as an array greatly improves the flexibility and simplicity of the code.

0x03 vulnerability classification

Eval (), assert () (not common)

Preg_replace + / e mode

0x04 vulnerability exploitation (local test)

Eval () = = >

# 1: # 2:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.