9 high-level command execution vulnerability in DVWA Series
Switch DVWA Security to the high Level and view the webpage source code in Command Execution.
The stripslashes function is also used to process the obtained IP address. It is mainly used to remove the slash added after escaping. The reason has been explained before, because the magic_quotes_gpc magic quotes of PHP are automatically enabled at the high level, the addslashes () function is automatically used to escape all value passing data, so the stripslashes () function must be used to remove it.
Next, we use the explode function to split the IP addresses in the $ target variable with the separator ".". After the split, we get an array and assign the value to the variable $ octet.
Next, use the if statement and the is_numeric function to determine whether each value in the $ octet array is numeric data. Also, use the sizeof function to determine whether the number of elements in the $ octet array is 4. This judgment condition is very harsh. Basically, you can ensure that the IP address entered by the user must be the correct one. All the Command Execution Vulnerabilities used earlier cannot take effect.
However, the problem here is also obvious. This filtering method only works when the command parameter is an IP address. If we want to execute other system commands, this method will not work.
Are there any common methods to defend against Command Execution Vulnerabilities? Of course, there are methods. In the next blog, we will analyze this part of content.