DVWA Command Injection: Low / Medium / High Level

About the author: CSDN Top 100, Alibaba Cloud blog expert, Huawei Cloud sharing expert, and quality creator in the field of network security.

The Command Injection module is a ping test function: whatever the user submits in the input box is executed by the backend as part of a shell command, and the output of that command is displayed on the page.


1. Low level

The Low level has no filtering at all, so a second command can simply be joined onto the input with a shell operator. Payload:

; pwd

Paste it into the input box and click Submit.


The output of the injected command appears on the page, which shows that it executed successfully and passes the level.

[screenshot: command output shown on the page]

Other operators also work. Payloads:

& pwd
| pwd
|| pwd

2. Medium level

The Medium level filters "&&" and ";".

[screenshot: Medium-level source code]

Use one of the other operators to bypass it. Payloads:

& pwd
| pwd
|| pwd

3. High level

The High level filters more characters.

[screenshot: High-level source code]

The weak point is the filtering of "|". If you look carefully at the filtering part of the code above, you can see that the blacklist entry is "|" followed by a space. If we leave out the space, the input is not filtered. Payload:

|pwd

You can also use "||" followed by a space. Payload:

|| pwd

The reason is that the substitutions are applied in order from top to bottom. When we submit "|| pwd", the third filter entry ("|" plus a space) removes the "| " part, leaving "|pwd"; none of the later entries, including "||", match what is left.
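To make the filter behaviour concrete, here is an added example (my own Python, not DVWA's code or the author's) that models the Medium and High blacklists as ordered substitutions, the way PHP's str_replace() with an array does, and puts an allowlist validator beside them. The Medium entries are the two named above; the High list is DVWA's high.php as I recall it and should be treated as an assumption to check against your own copy of the source. Running it shows exactly why "|pwd" and "|| pwd" survive the High filter while "| pwd" does not, and why validating the input as an IP address and passing it as an argv list (no shell) removes the problem entirely.

```python
import ipaddress
import re

# Ordered blacklists modelled on DVWA's Medium and High levels.  DVWA applies
# them with str_replace(), top to bottom.  The Medium entries are the ones the
# walkthrough names; the High list is DVWA's high.php as I recall it and is an
# assumption to verify against your copy of the source.
MEDIUM_BLACKLIST = ["&&", ";"]
HIGH_BLACKLIST = ["&", ";", "| ", "-", "$", "(", ")", "`", "||"]

# Shell-significant characters: if any remain after filtering, the blacklist
# failed to neutralise the input.
SHELL_METACHARS = re.compile(r"[;&|`$()]")


def blacklist_filter(user_input, blacklist):
    """Strip each blacklisted string in order, like a str_replace() array.

    Each substitution sees the output of the previous one, which is why a
    later entry ('||') can be defeated by an earlier one ('| ').
    """
    for bad in blacklist:
        user_input = user_input.replace(bad, "")
    return user_input


def survives_filter(user_input, blacklist):
    """True if shell metacharacters are still present after the blacklist ran."""
    return SHELL_METACHARS.search(blacklist_filter(user_input, blacklist)) is not None


def validate_target(user_input):
    """Allowlist check: accept only a syntactically valid IPv4/IPv6 address.

    Anything that is not an address (including every payload in the
    walkthrough) is rejected, so no metacharacter can reach a shell.
    Returns the normalised address, or None.
    """
    try:
        return str(ipaddress.ip_address(user_input.strip()))
    except ValueError:
        return None


def build_ping_argv(user_input):
    """Build the ping command as an argv list, with no shell involved.

    Returns None when validation fails; the caller should then show an
    error instead of running anything.
    """
    target = validate_target(user_input)
    if target is None:
        return None
    return ["ping", "-c", "4", target]


def audit(payloads, blacklist):
    """Map each payload to (text after filtering, still dangerous?)."""
    return {p: (blacklist_filter(p, blacklist), survives_filter(p, blacklist))
            for p in payloads}


if __name__ == "__main__":
    # Constructed sample inputs: the walkthrough's payloads plus a benign IP.
    samples = ["127.0.0.1", "; pwd", "& pwd", "| pwd", "|pwd", "|| pwd"]
    for level, bl in (("Medium", MEDIUM_BLACKLIST), ("High", HIGH_BLACKLIST)):
        for payload, (filtered, dangerous) in audit(samples, bl).items():
            print(f"{level:6} {payload!r:10} -> {filtered!r:10} dangerous={dangerous}")
    for s in samples:
        print(f"allowlist {s!r:10} -> {build_ping_argv(s)}")
```

In PHP the same allowlist is filter_var($target, FILTER_VALIDATE_IP). The design point is that the check accepts one known-good shape rather than trying to enumerate bad characters, so the order and spacing of blacklist entries, which is exactly what the High level gets wrong, stops mattering.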


Source: blog.csdn.net/wangyuxiang946/article/details/127166440