August 2018
Intermediate to advanced
404 pages
10h 22m
English
As in the case of SQLi and others, command injection vulnerabilities are due to a poor input validation mechanism and the use of user-provided data to form strings that will later be used as commands to the operating system. If we look at the source code of the page we just attacked (there is a button in the bottom right-hand corner on every DVWA's page), it will look just like this:
<?phpif( isset( $_POST[ 'submit' ] ) ) { $target = $_REQUEST[ 'ip' ]; // Determine OS and execute the ping command. if (stristr(php_uname('s'), 'Windows NT')) { $cmd = shell_exec( 'ping ' . $target ); echo '<pre>'.$cmd.'</pre>'; } else { $cmd = shell_exec( 'ping -c 3 ' .$target ); echo '<pre>'.$cmd.'</pre>'; }}?>
We can see it directly appends ...
Read now
Unlock full access