Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

High rating bypass of Command Injection in DVWA (V1.10)

2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

First, you can see the filter array in high.php as shown below:

Here I think of two kinds of bypass, one can be found on the Internet, and the other is combined according to medium.php 's way of bypass.

The first kind:

Notice the third'| = >''of the array, where there is a space to the right of the vertical bar.

So we can construct "127.0.0.1 | whoami"

Replace the space on the right with the space on the left to bypass it, as shown below:

The second kind:

The &; & method is used in the medium.ph bypass, and the combination bypass is also tried in high. My combination is "127.0.0.1 | whoami". The result is as follows:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report