Command Injection
February 29, 2024
Last updated
Task 1: Introduction (What is Command Injection?)
Task 2: Discovering Command Injection
For this task we just have to read the PHP code snippet in the given example.
$songs - a variable that holds the value "/var/www/html/songs"
$title - receives the user's input from the website
$command - builds a grep command that takes the $title variable from the user's input and searches for that word in "/var/www/html/songtitle.txt"
$search - calls PHP's exec() function with $command as its argument
Then the if-else statement checks whether $search holds nothing: if so, it returns "not exist!". Otherwise, it goes to the else branch and returns "does exist!"
First they import the subprocess library.
Then they create an app variable that holds the Flask app.
They create an execute_command function that executes commands on the server.
The @app.route decorator directs users to the /shell path.
After that, the last function just executes the command.
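As an added example (not the room's code), the vulnerable string-building pattern described in Task 2 is shown beside a remediated version of the ping handler used in Task 5: the input is validated as an IP address with Python's ipaddress module and handed to subprocess as an argument list, so no shell ever interprets ";" or "&&", and a small detector flags inputs carrying shell metacharacters. The function names are my own.

```python
import ipaddress
import re
import subprocess

# Shell control characters that turn one command into several; ";" and "&&"
# are the two the room's practical relies on.
_SHELL_META = re.compile(r"[;&|`$()<>\n]")


def contains_shell_metachars(user_input: str) -> bool:
    """Detection helper: True when the input carries shell control characters.
    Useful for logging or alerting on suspicious form submissions."""
    return _SHELL_META.search(user_input) is not None


def vulnerable_command(user_input: str) -> str:
    """The unsafe pattern from the room: raw input spliced into a command
    string that a shell will later parse. Returned, not executed, so the
    injection point is visible without running anything."""
    return "ping -c 1 " + user_input


def build_ping_argv(user_input: str) -> list[str]:
    """Remediated form: accept only a syntactically valid IP address and build
    an argv list. Raises ValueError on anything else (constructed policy)."""
    try:
        addr = ipaddress.ip_address(user_input.strip())
    except ValueError as exc:
        raise ValueError(f"rejected input: {user_input!r}") from exc
    return ["ping", "-c", "1", str(addr)]


def safe_ping(user_input: str) -> subprocess.CompletedProcess:
    """Run ping with the validated argv. shell=False (the default) means the
    arguments are passed directly to the program, never to a shell."""
    return subprocess.run(
        build_ping_argv(user_input), capture_output=True, text=True, timeout=5
    )


if __name__ == "__main__":
    # Constructed sample inputs: one clean, one carrying a ";" separator.
    for sample in ("127.0.0.1", "127.0.0.1; echo injected"):
        print(sample, "->", "suspicious" if contains_shell_metachars(sample) else "clean")
        try:
            print("  argv:", build_ping_argv(sample))
        except ValueError as err:
            print("  ", err)
```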
Task 3: Exploiting Command Injection
Task 4: Remediating Command Injection
Task 5: Practical: Command Injection (Deploy)
First we just have to try the input box and see what output it gives. As we can see here, it actually returns the result of the ping command.
Knowing that the input box takes real commands and executes them on the server, we can try some command injection in the box. The input box accepts the ";" separator.
So we can just try to execute two commands at the same time.
For the next question we get the answer by trying out this command.
First, we know that the first command pings the IP address we enter in the input box; then we use the double ampersand, "&&", which executes the first command and after that also executes the second command we enter.
Task 6: Conclusion