The first lesson of in-depth study of network security - Popular framework vulnerabilities (RCE-code execution)


1. Overview of code execution

Code execution definition:
------ When an application calls a function that turns a string into code (such as eval in PHP) without considering whether the user controls that string, a code execution vulnerability results. Remote code execution means the injected code is executed by the website's server-side code.

------ A code execution vulnerability means the application does not strictly filter its input, so users can inject code through requests and have the application execute it.


2. Code execution related functions

  • PHP: eval, assert
  • JavaScript: eval
  • VBScript: Execute, Eval
  • Python: exec
  • Java: Java has no function like PHP's eval that directly executes a string as code. However, it has a reflection mechanism, and the expression engines built on it, such as OGNL, SpEL and MVEL, can cause code execution vulnerabilities.

1、eval

eval executes a string as PHP code. The string must be a complete statement, ending with a semicolon (;). The most common usage is:

<?php eval('echo "hello";'); ?>

2、assert

assert checks whether its argument is a string; if so, the string is executed as code.
Versions after PHP 7.0.29 do not support dynamic calls.

Lower versions
<?php  assert($_POST['a']); ?>

After 7.0.29
<?php
	$a = 'assert';
	$a(phpinfo());
?>

3、${ } executes code

The PHP code between the braces is parsed and executed.

${phpinfo()};
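
For code review, the three constructs above (eval, assert and dynamic calls, ${ }) can be located with PHP's built-in tokenizer. The following is an added example, not code from the original post; the function name find_code_exec_sinks and the sample source are constructed for illustration.

```php
<?php
// Added example (not from the original post): list the code-execution
// sinks this page names, using PHP's tokenizer. Names are illustrative.
function find_code_exec_sinks(string $source): array
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $sig = [];    // significant tokens as [id or char, text, line]
    $line = 1;
    foreach (token_get_all($source) as $t) {
        if (is_array($t)) {
            if (!in_array($t[0], $skip, true)) {
                $sig[] = $t;
            }
            // Line on which the following token starts.
            $line = $t[2] + substr_count($t[1], "\n");
        } else {
            $sig[] = [$t, $t, $line];   // one-character tokens carry no line
        }
    }
    $findings = [];
    foreach ($sig as $i => [$id, $text, $ln]) {
        $next = $sig[$i + 1][0] ?? null;
        if ($id === T_EVAL) {
            $findings[] = [$ln, 'eval'];
        } elseif ($id === T_STRING && strtolower($text) === 'assert' && $next === '(') {
            $findings[] = [$ln, 'assert call'];
        } elseif ($id === T_VARIABLE && $next === '(') {
            $findings[] = [$ln, "dynamic call through $text"];
        } elseif ($id === T_DOLLAR_OPEN_CURLY_BRACES || ($id === '$' && $next === '{')) {
            $findings[] = [$ln, '${ } expression'];
        }
    }
    return $findings;
}

// Constructed sample: the snippets shown on this page, one per line.
$sample = <<<'SRC'
<?php
eval('echo "hello";');
assert($_POST['a']);
$a = 'assert';
$a(phpinfo());
${phpinfo()};
echo strlen("not a sink");
SRC;

foreach (find_code_exec_sinks($sample) as [$ln, $what]) {
    echo "line $ln: $what\n";
}
```

The scan only locates the sinks; each hit still has to be reviewed to see whether request data such as $_POST can reach the string or function name being executed.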

3. The difference between command execution and code execution

  1. The functions involved are different

  2. The execution methods are different.
    Command execution: generally refers to operating system commands
    Remote code execution: generally refers to script code


Origin blog.csdn.net/p36273/article/details/132919905