Command Execution
Imagine you run a simple site that performs DNS lookups. Your site shells out to the nslookup command, then prints the result.
Have a look at the code. Since the domain parameter is not sanitized, you are vulnerable to command injection.
Mal is a no-good basement-dweller who wants to hack your website. He has already noticed you are running PHP, and wonders how he can take advantage of that.
While running a simple domain lookup, he notices that the domain is passed in the query string under the domain parameter.
He guesses that the IP lookup is performed via an operating system command, and attempts to tack an extra command onto the end.
Success! Mal can see the output of his echo command on the web page. This demonstrates that your site is vulnerable to command execution.
Now he has a mechanism to execute code on the server. This is very bad news.
You try it! Add the command cat /etc/passwd on the end of the search term to read a sensitive file on the server.
Output of a normal lookup for google.com:

Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:    google.com
Address: 216.58.192.14

Output once Mal appends his echo command to the domain parameter:

Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:    google.com
Address: 216.58.192.14

HAXXED
<?php
  // Deliberately vulnerable: the 'domain' query parameter is interpolated
  // into a shell command with no validation or escaping.
  if (isset($_GET['domain'])) {
    echo '<pre>';
    $domain = $_GET['domain'];
    // system() writes the command's output straight to the response and
    // returns only its last line, so that line is not echoed a second time.
    system("nslookup {$domain}");
    echo '</pre>';
  }
?>

Warning: Notice how the 'domain' parameter is taken in from the GET request, and immediately interpolated into a command string.
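A hardened version of the same lookup script, added here as an example (it is not the page's own code): the domain is checked against a hostname pattern before anything reaches the shell, and then still passed through escapeshellarg(). The function names and the "Invalid domain name." message are assumptions of this example.

```php
<?php
// Added example, not the original page's code: the nslookup page with the
// 'domain' parameter validated and escaped before it reaches the shell.

// Accept only syntactically valid hostnames: labels of letters, digits and
// hyphens joined by dots. Shell metacharacters such as ';', '|', '&', '`',
// '$(' and newlines can never match, so appended commands are rejected.
// The D modifier stops '$' from matching before a trailing newline.
function is_valid_hostname(string $domain): bool {
    if ($domain === '' || strlen($domain) > 253) {
        return false;
    }
    $pattern = '/^([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*'
             . '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/iD';
    return preg_match($pattern, $domain) === 1;
}

// Runs nslookup for a validated hostname and returns its text output.
function lookup_domain(string $domain): string {
    if (!is_valid_hostname($domain)) {
        return "Invalid domain name.\n";
    }
    // Defence in depth: even the validated value is quoted with
    // escapeshellarg(), so nslookup receives it as one literal argument.
    $output = shell_exec('nslookup ' . escapeshellarg($domain) . ' 2>&1');
    return is_string($output) ? $output : "Lookup failed.\n";
}

if (isset($_GET['domain'])) {
    // htmlspecialchars() keeps the raw nslookup output from being rendered
    // as HTML, a separate problem the original script also has.
    echo '<pre>'
       . htmlspecialchars(lookup_domain((string) $_GET['domain']), ENT_QUOTES, 'UTF-8')
       . '</pre>';
}
```

Avoiding the shell altogether, for example with PHP's built-in dns_get_record(), removes the injection surface entirely rather than constraining it.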
Mal
Committing malicious acts on the internet is emotionally validating.
I wonder if I could make use of that...
That's it! I send all the commands now.
Your server is toast!
Thank you kindly.
Is your website vulnerable to command execution attacks?