DVWA Series 9 High level command execution vulnerability

Switch DVWA security to the high level and view the Web page source in command execution.

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" image "border=" 0 "alt=" image "src=" http ://s3.51cto.com/wyfs02/m01/77/79/wkiom1zo1ots0bawaaf3wpnflhg094.png "height=" 420 "/>

Here the first is to use the Stripslashes function to obtain the IP address is processed, mainly to remove the added slash after escaping, the reason has been explained before, because the high level will automatically enable PHP MAGIC_QUOTES_GPC magic Quotes, All value data is automatically escaped with the Addslashes () function, so it needs to be removed with the stripslashes () function.

The explode function is then used to "." Divide the IP address of the $target variable into a delimiter, and then you will get an array and assign a value to the variable $octet.

Next use the IF statement, using the Is_numeric function to determine whether each value in the $octet array is a numeric data, and also use the sizeof function to determine whether the number of elements in the $octet array is 4. This judgment condition is very harsh, basically can ensure that the user input must be the correct IP address, the previous use of all the command execution vulnerability will not be effective.

But the problem here is also obvious, this filtering method only for the command parameter is the IP address of the situation to function, if we want to execute the other system command, this method will not work.

So is there a generic command to enforce the vulnerability defense method? The method of course has, in the next blog will be on this part of the content analysis.

This article from "a pot of turbid wine" blog, reproduced please contact the author!

DVWA Series 9 High level command execution vulnerability