Introduction to Remote Command Execution Vulnerability
Remote system command execution
This kind of vulnerability generally occurs because the application is designed to give users an interface for running commands remotely. For example, the web management interfaces of common routers, firewalls, and intrusion detection devices generally offer a ping function: the user enters a target IP address in the web interface, and after submission the back end runs a ping test against that address and returns the result. If the designer does not apply strict security controls when implementing this function, an attacker may be able to submit "unexpected" commands through the interface and have the back end execute them, and so take control of the entire back-end server.
Many enterprises on the Party A (client) side have now begun to implement automated operations and maintenance, and a large number of system operations are carried out through an "automated operations and maintenance platform". Remote system command execution vulnerabilities often appear on such platforms.
Functions to watch for in system command execution vulnerabilities
assert, system, passthru, exec, pcntl_exec, shell_exec, popen, proc_open, `` (the backtick operator)
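The ping interface described above, as an added example (not code from the original page): the unsafe pattern next to a hardened handler that accepts only a valid IP address and runs ping without a shell. The function names, the sample inputs, and the `ping -c 1` flag (Linux/macOS) are assumptions; the array form of proc_open() requires PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern: the submitted value is concatenated into a shell
// command line, so /bin/sh interprets any metacharacters in $target
// instead of handing the value to ping as a single argument.
function ping_vulnerable(string $target): string
{
    return (string) shell_exec('ping -c 1 ' . $target);
}

// Hardened form: allow only a syntactically valid IPv4/IPv6 address (which
// also rules out values starting with "-"), then start ping from an
// argument array so that no shell is involved at all.
function ping_hardened(string $target): string
{
    if (filter_var($target, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('target must be an IP address');
    }
    $proc = proc_open(['ping', '-c', '1', $target], [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ping');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return (string) $out;
}

// Constructed sample inputs: a plain address and a value carrying a shell
// command separator. Only ping_hardened() is called here.
foreach (['127.0.0.1', '127.0.0.1; id'] as $input) {
    try {
        ping_hardened($input);
        echo "accepted: $input\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $input ({$e->getMessage()})\n";
    } catch (RuntimeException $e) {
        echo "ping unavailable: {$e->getMessage()}\n";
    }
}
```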
Remote code execution
Remote code execution arises for the same reason: because of the way a requirement is designed, the back end sometimes executes user input as part of its code, which results in a remote code execution vulnerability. This holds whether a code execution function is used, unsafe deserialization is used, and so on. Therefore, if you need to expose an API for this kind of operation to front-end users, you must strictly validate the input to the interface; implementing a strict whitelist strategy, for example, is a better approach.
Functions to watch for in code execution vulnerabilities
eval, assert, call_user_func, base64_decode, gzinflate, gzuncompress, gzdecode, str_rot13