Shulou(Shulou.com)05/31 Report--

In this issue, the editor will bring you about how to analyze the orders under DVWA to inject customs clearance. The article is rich in content and analyzed and described from a professional point of view. I hope you can get something after reading this article.

Command Injection command injection

Command injection attack means that because Web applications do not filter the data submitted by users strictly, hackers can submit data to Web applications by constructing special command strings, and use this way to execute external programs or system commands to carry out attacks and illegally obtain data or network resources. Among the vulnerabilities of command injection, the most common is PHP's command injection. The main reason for the existence of PHP command injection attack is that the Web application programmer brings the data submitted by the user into the function without strict filtering when applying some functions with command execution function in PHP language. For example, when the data submitted by a hacker is to write a PHP file to a website directory, a PHP backdoor file can be written through this command injection attack vulnerability, and then the next penetration attack can be carried out.

Common command connectors:

Command connector:

Command1 & & command2 executes command1 first and then command2

Command1 | command2 only executes command2

Command1 & command2 executes command2 first and then command1

The above three connectors are supported in both windows and linux environments

If the program is not filtered, then we can execute multiple system commands through connectors.

1. Low Command Injection Source (low-level)

At the low level, there are no restrictions and no filtering, so play as if you are familiar with command connectors.

Effect of the "|" symbol:

Burpsuite grabs the package:

Effect of the "&" symbol:

Burpsuite grabs the package:

The effect of the "&" symbol:

Burpsuite grabs the package:

2. Medium Command Injection Source (medium difficulty)

$substitutions = array (

'&' = >''

';' = >'

This code means that "& &" and ";" are filtered, but not "| |"

Type 127.0.0.1 & & ipconfig, but it doesn't show what the command looks like after execution.

Type 127.0.0.1 & ipconfig, and the content will come out. Keep trying.

Enter 127.0.0.1 | ipconfig, which means that the medium-level source code really filters the "& &" characters, and the effect is good. Let's move on to the next level.

3. High Command Injection Source (highly difficult)

The high level mainly improves the blacklist:

$substitutions = array (

'&' = >''

';' = >'

'|' = >''|

'-' = >''

'$' = >''

'(' = >''

')' = >''

'`'= >''

'| |' = >''

);

Look at the operation:

Type 127.0.0.1 & & ipconfig, but it doesn't show what the command looks like after execution.

Type 127.0.0.1 & ipconfig, but it also doesn't show what the command looks like after execution.

Enter 127.0.0.1 | ipconfig, something is displayed, and finally there is something missing.

Enter 127.0.0.1 | | ipconfig, and no content is displayed. The above shows that the high level can still be injected successfully. Finally, let's try it.

Impossible level.

4. Impossible Command Injection Source (impossible)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.