When used as intended, this script inserts the value of the user-supplied FileName parameter into a preset command, executes the command, and displays the results, as shown in Figure 9-5.

Figure 9-5: A function to display the contents of a log file
As with the vulnerable Perl script, an attacker can use shell metacharacters to interfere with the preset command intended by the developer and inject his own command. The ampersand character (&) is used to batch multiple commands together. Supplying a filename containing the ampersand character and a second command causes this command to be executed and its results displayed, as shown in Figure 9-6.

Figure 9-6: A successful command injection attack
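The following Python is an added example, not the script shown in the figures or any code from the book: it places the injectable pattern the text describes (the raw FileName parameter concatenated into a preset command string destined for a shell) beside two hardened forms, an allowlist-validated argument vector launched without a shell, and the simplest fix of reading the file directly with no subprocess at all. The log directory, the `type`/`cat` commands and the sample log line are constructed for illustration.

```python
import re
import subprocess
import tempfile
from pathlib import Path

# Allowlist for the FileName parameter: an alphanumeric first character, then
# letters, digits, dot, underscore or hyphen only. Shell metacharacters such
# as '&', '|' and ';' and path separators can never match, so they are
# rejected before any command is built.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


def unsafe_command_string(filename: str) -> str:
    """The pattern the text describes: the raw parameter is pasted into a
    preset command string that is then handed to a shell (here Windows 'type').
    Anything the shell treats specially, including the '&' batching character,
    survives intact, which is what makes the script injectable. Kept only for
    comparison; nothing in this example executes it."""
    return "type " + filename


def is_safe_filename(filename: str) -> bool:
    """Allowlist check: True only for a plain log-file name."""
    return SAFE_NAME.fullmatch(filename) is not None


def safe_argv(filename: str, log_dir: Path) -> list[str]:
    """Build an argument vector for a process launch with no shell involved.

    Each element reaches the child as exactly one argv entry, so a
    metacharacter in `filename` would be literal text rather than syntax;
    the allowlist rejects it anyway, and the resolved path must stay inside
    the configured log directory.
    """
    if not is_safe_filename(filename):
        raise ValueError("FileName rejected by allowlist")
    path = (log_dir / filename).resolve()
    if path.parent != log_dir.resolve():
        raise ValueError("FileName escapes the log directory")
    return ["cat", str(path)]  # hypothetical preset command on a POSIX host


def run_safely(filename: str, log_dir: Path) -> str:
    """Launch the preset command with shell=False so no command interpreter
    ever sees the user-supplied value."""
    argv = safe_argv(filename, log_dir)
    result = subprocess.run(argv, shell=False, capture_output=True,
                            text=True, check=True)
    return result.stdout


def read_log(filename: str, log_dir: Path) -> str:
    """The simplest fix: do not spawn a command at all. The script only needs
    the file contents, which the runtime can read after the same checks."""
    path = Path(safe_argv(filename, log_dir)[-1])  # reuse the validation
    return path.read_text(encoding="utf-8")


def demo() -> str:
    """Constructed sample: write a one-line log into a temporary directory and
    read it back through the hardened path."""
    with tempfile.TemporaryDirectory() as tmp:
        log_dir = Path(tmp)
        (log_dir / "access.log").write_text("constructed sample log line\n",
                                            encoding="utf-8")
        return read_log("access.log", log_dir)


if __name__ == "__main__":
    print(demo(), end="")
    print("ampersand accepted:", is_safe_filename("access.log&other.log"))
```

The allowlist is the control that matters: escaping or blocklisting individual metacharacters is fragile across cmd.exe and the various Unix shells, whereas a positive pattern that only admits plain file names needs no knowledge of which characters a given interpreter treats specially.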