pikachu--RCE (remote command/code execution)

RCE (remote command/code execution) overview

    An RCE vulnerability lets an attacker inject code, or operating-system commands, directly into a remote back-end server and thereby take control of the back-end system.

    Remote system command execution

    This kind of vulnerability usually arises because the application, by design, exposes an interface that runs a command on the remote host on the user's behalf.

    For example, the web management interfaces of routers, firewalls, intrusion detection systems and similar devices

    usually provide a web form for a ping operation: the user enters a target IP, submits it, the back end runs ping against that address and returns the result. If the designer did not apply strict security controls when implementing this feature, an attacker can submit an "unexpected" command through the interface, have the back end execute it, and thereby take control of the entire back-end server.

    Many companies are now introducing automated operations and maintenance, where a large share of system operations are carried out through an "automated O&M platform". Remote system command execution vulnerabilities are frequently found on such platforms.

    Remote Code Execution

    By the same token, because of design requirements the back end sometimes takes the user's input and uses it as part of the code it executes, which likewise produces a remote code execution vulnerability, whether through a code-execution function such as eval or through unsafe deserialization and the like.

Therefore, if an operational API is exposed to front-end users, the input reaching that interface must be strictly validated; a strict whitelist policy is the better approach.

Causes of the vulnerability:

User input is passed straight into the interaction (the command or the code) without any processing;

The wrong method is used to process the data supplied by the user.


Exec "ping" (remote system command execution)

Enter 127.0.0.1


Then we try appending a second command after 127.0.0.1 with the & operator:

127.0.0.1 & ipconfig    this also returns the output we want (the ipconfig result), because on Windows & runs both commands; on a Linux back end the same effect is obtained with ; or | (or && after a successful ping) and a command such as id.
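The handler shape the page describes (the submitted address glued onto a shell command) next to a hardened version, as an added example that is not pikachu's own source. The function names, the log-triage helper and the sample inputs are constructed for illustration.

```php
<?php
// Added example (not pikachu's own source): a ping handler in the shape the page
// describes, where the submitted address is concatenated onto a shell command,
// next to a hardened version. Function names and inputs are constructed.

// Vulnerable: the raw value is concatenated into the command line, so
// "127.0.0.1 & ipconfig" (Windows) or "127.0.0.1; id" (Linux) runs a second command.
function ping_vulnerable(string $ip): string
{
    $cmd = (PHP_OS_FAMILY === 'Windows' ? 'ping ' : 'ping -c 4 ') . $ip;
    return (string) shell_exec($cmd);
}

// Hardened: whitelist-validate the value as a literal IP address first, and quote
// it anyway so that a shell metacharacter can never reach the shell.
function ping_safe(string $ip): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    $cmd = (PHP_OS_FAMILY === 'Windows' ? 'ping ' : 'ping -c 4 ') . escapeshellarg($ip);
    return (string) shell_exec($cmd);
}

// Triage helper for request logs: does the value carry any shell metacharacter
// that a ping form has no business accepting?
function looks_like_injection(string $ip): bool
{
    return preg_match('/[&|;`$<>\n(){}]/', $ip) === 1;
}

// Demonstration on constructed inputs (nothing is executed here).
foreach (['127.0.0.1', '127.0.0.1 & ipconfig', '127.0.0.1; id', '::1'] as $input) {
    printf("%-22s valid_ip=%-3s injection=%s\n", $input,
        filter_var($input, FILTER_VALIDATE_IP) !== false ? 'yes' : 'no',
        looks_like_injection($input) ? 'yes' : 'no');
}
```

Two caveats: FILTER_VALIDATE_IP accepts IPv6 as well (so ::1 passes), which is fine because the value is still quoted; and escapeshellarg behaves differently on Windows (it wraps the value in double quotes and replaces % and !), so the whitelist check is the control you rely on, the quoting is defence in depth. Avoiding the shell entirely, for example by passing an argument array to proc_open (PHP 7.4 and later), removes the injection surface altogether.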


Exec "eval" (remote code execution)


Reading the source shows that the input is not filtered at all and is passed straight to the code below, where it is handed to the eval function. If eval reports an error the page prints '你喜欢的字符还挺奇怪的' ("the characters you like are rather strange"); if there is no error, our code is executed. So there is a vulnerability here that lets our code run.


Enter phpinfo();    it is executed by the back end and the result is returned to the front end.
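The eval pattern described above, a replacement that treats user input as data instead of code, and a tokenizer-based triage helper, as an added example that is not pikachu's own source. It assumes PHP 7 or later (where a failed eval throws ParseError); the operation table, the helper names and the sample snippets are constructed.

```php
<?php
// Added example (not pikachu's own source): the eval() pattern the page describes,
// a replacement that treats user input as data, and a triage helper. Assumes
// PHP 7+; names and sample inputs are constructed.

// Vulnerable: the submitted text is compiled and run as PHP. "phpinfo();" dumps
// the server configuration; "system('id');" runs a shell command. Returns false
// only when the snippet fails to compile, i.e. the branch on which the page
// prints '你喜欢的字符还挺奇怪的'.
function run_vulnerable(string $txt): bool
{
    try {
        eval($txt);
        return true;
    } catch (ParseError $e) {
        return false;
    }
}

// Hardened: the user picks an operation by name from a fixed table and supplies an
// argument; nothing they send is ever compiled. This is the whitelist policy the
// page recommends, applied to code execution.
const ALLOWED_OPS = ['upper' => 'strtoupper', 'lower' => 'strtolower', 'length' => 'strlen'];

function run_safe(string $op, string $arg): string
{
    if (!array_key_exists($op, ALLOWED_OPS)) {
        throw new InvalidArgumentException('operation not allowed');
    }
    return (string) (ALLOWED_OPS[$op])($arg);
}

// Triage helper: list the functions a submitted snippet would call, using the PHP
// tokenizer, without executing anything. Useful when reviewing request logs of a
// suspected eval() endpoint.
function called_functions(string $txt): array
{
    $tokens = token_get_all('<?php ' . $txt);
    $names = [];
    $n = count($tokens);
    for ($i = 0; $i < $n; $i++) {
        if (!is_array($tokens[$i]) || $tokens[$i][0] !== T_STRING) {
            continue;
        }
        // A T_STRING followed (ignoring whitespace) by '(' is a function call.
        $j = $i + 1;
        while ($j < $n && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) {
            $j++;
        }
        if ($j < $n && $tokens[$j] === '(') {
            $names[] = strtolower($tokens[$i][1]);
        }
    }
    return array_values(array_unique($names));
}

print_r(called_functions('phpinfo();'));
print_r(called_functions("system('id'); @unlink('/tmp/x');"));
echo run_safe('upper', 'pikachu'), "\n";
```

The tokenizer helper is for triage, not for filtering: a blacklist built on it can be bypassed with variable functions, callbacks and string construction, which is exactly why the page's advice is a whitelist of operations rather than any attempt to sanitize code before eval.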



Origin www.cnblogs.com/7-58/p/12360456.html