DVWA - Command Injection (low, medium, high)
2017-01-05 22:24
low
View the source:

```php
// Get input
$target = $_REQUEST[ 'ip' ];

// Determine OS and execute the ping command.
if( stristr( php_uname( 's' ), 'Windows NT' ) ) {
    // Windows
    $cmd = shell_exec( 'ping ' . $target );
}
else {
    // *nix
    $cmd = shell_exec( 'ping -c 4 ' . $target );
}
```
The page pings the IP address we supply. Since the input is concatenated straight into the shell command, any of the usual shell separators can be used to chain a second command onto the ping:

;
|
||
&
&&

At the low level, pick whichever one you like. The injected input is:
;ls
The result returned is:
help index.php source
medium
Looking at the source, PHP now filters (removes) the two separators `&&` and `;` using a blacklist. The idea is simply to pick one of the separators that is not on the list, such as `|`, `||` or `&`.

high
Looking at the source, PHP uses a blacklist to filter (remove) `&`, `;`, `| `, `-`, `$`, `(`, `)`, `` ` `` and `||`. But a careful look shows that the `|` entry has a trailing space, so a `|` that is not followed by a space is still available as a separator; the injected command is `|ls`.
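The three levels above all try to blacklist separators, and each blacklist is bypassed. The fix is to allowlist the input instead. Below is an added example (not DVWA's own code) of a hardened version of the same handler: it accepts only a syntactically valid IP address via `filter_var()` and, as defence in depth, still passes the value through `escapeshellarg()` before building the command. The function names and sample inputs are constructed for this illustration.

```php
<?php
// Hardened ping handler (added example, not DVWA's code).
// Allowlist the value as an IP address instead of blacklisting shell characters.

function validate_ping_target(string $target): ?string
{
    // Only a syntactically valid IPv4 or IPv6 address passes.
    if (filter_var($target, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    return $target;
}

function build_ping_command(string $target): ?string
{
    $ip = validate_ping_target($target);
    if ($ip === null) {
        return null; // reject instead of trying to "clean" the input
    }
    // escapeshellarg() single-quotes the value, so even if the allowlist were
    // later relaxed the shell would still see one literal argument.
    $arg = escapeshellarg($ip);
    if (stristr(php_uname('s'), 'Windows NT')) {
        return 'ping ' . $arg;
    }
    return 'ping -c 4 ' . $arg;
}

// Constructed sample inputs: two benign addresses, then the separator
// variants used in the walkthrough above (including the "|" without a space).
$samples = ['127.0.0.1', '::1', '127.0.0.1;ls', '127.0.0.1|ls', '127.0.0.1| ls'];
foreach ($samples as $s) {
    $cmd = build_ping_command($s);
    printf("%-16s => %s\n", $s, $cmd === null ? 'rejected' : $cmd);
}
```

A real handler would call `shell_exec()` only on a non-null result from `build_ping_command()`; the loop here just prints what would be run so the example works offline.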