Shulou(Shulou.com)06/01 Report--

Set DVWA Security to medium and click "View Source" in Command Execution to view the source code of the page.

Here, the variable $target that receives the user's input IP is filtered by defining a blacklist.

$substitutions = array ('& &'= >',';'= >',)

This line means that an array is defined and assigned to the variable $substitutions. The array contains two keys: & & and;, and their corresponding values are NULL.

$target = str_replace (array_keys ($substitutions), $substitutions, $target)

This line replaces the characters in the $target variable with the str_replace function by replacing array_keys ($substitutions) with $substitutions, that is, replacing & & and; with null values.

Friends who know a little about network security know that the blacklist is unreliable because there will inevitably be omissions in the blacklist, which provides an opportunity for bypass. Like the blacklist defined here, it only includes two symbols & & and;. Through the analysis of the previous blog, we know that there are too many ways to bypass, such as "|", ">" and so on. Therefore, medium-level command execution vulnerabilities are actually very simple.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.