2025-03-12 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains "the causes of vulnerabilities in the EDR environment". Many people run into this situation when working through real cases, so let the editor walk you through how to deal with it. I hope you read it carefully and get something out of it!
Build an EDR environment
https://XXX.com/tool/log/c.php?strip_slashes=system&host=id
https://XXX.com/tool/log/c.php?strip_slashes=system&host=whoami
Copy the c.php file locally for analysis, and you can see that this file was originally used to view ldb logs. However, while reproducing the issue, it was found that this interface can be accessed without logging in, so there is also a risk of unauthorized access.
First look at the output
$_REQUEST holds the request parameters as an array, and the parameters received from the front end are passed to $show_form().
Follow $show_form
$show_form is an anonymous function, and its use clause brings in the external variables $strip_slashes and $show_input.
The extract() function imports variables from an array into the current symbol table. It turns the array into variables, using each array key as the variable name and the corresponding value as the variable value.
Therefore, extract() is prone to variable overwriting, and the PoC above takes advantage of the variable overwrite here.
So the passed parameters become $strip_slashes=system and $host=id.
$strip_slashes($host) is called on line 91. Combined with the PoC, the call becomes system('id'), which executes a system command and results in the vulnerability.
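The variable overwrite described above, reduced to a self-contained PHP example beside a hardened handler. This is an added example, not the product's c.php: the handler bodies, the host pattern and the request array are constructed assumptions, and the vulnerable handler only reports the function it would call instead of calling it.

```php
<?php
// Added illustration; NOT the product's c.php. Variable names mirror the
// article; everything else is an assumption made for the example.

// Constructed request data, same shape as the PoC query string.
$request = ['strip_slashes' => 'system', 'host' => 'id'];

// Vulnerable pattern: extract() lets request keys overwrite the variables
// captured by the closure, including the one later used as a callable.
$strip_slashes = 'stripslashes';
$vulnerable = function (array $params) use ($strip_slashes): array {
    extract($params);                 // default EXTR_OVERWRITE replaces $strip_slashes
    // The article's code then calls $strip_slashes($host); this demo only
    // returns the name that would be invoked, so it has no side effects.
    return [$strip_slashes, $host ?? ''];
};

// Hardened pattern: read only allowlisted keys, validate each one, and never
// take the callable from request data.
$hardened = function (array $params): array {
    $allowed = ['host' => '/^[A-Za-z0-9.\-]{1,253}\z/'];   // assumed host format
    $clean = [];
    foreach ($allowed as $key => $pattern) {
        $value = $params[$key] ?? '';
        if (!is_string($value) || !preg_match($pattern, $value)) {
            throw new InvalidArgumentException("rejected parameter: $key");
        }
        $clean[$key] = stripslashes($value);   // fixed function, not a variable
    }
    return ['stripslashes', $clean['host']];
};

[$fn, $arg] = $vulnerable($request);
echo "vulnerable handler would call: {$fn}('{$arg}')\n";

[$fn, $arg] = $hardened($request);
echo "hardened handler calls: {$fn}('{$arg}')\n";

// Stopgap where extract() cannot be removed yet: EXTR_SKIP leaves variables
// that already exist untouched, so the callable keeps its original value.
$strip_slashes = 'stripslashes';
extract($request, EXTR_SKIP);
echo "with EXTR_SKIP the callable stays: {$strip_slashes}\n";
```

The endpoint also needs an authentication check before any of this logic runs, since the article notes it is reachable without login.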