driz Posted October 1, 2009 Share Posted October 1, 2009 Hi just got told this: A malicious user might append ";ls -la" to that value and thereby see a listing of your Website's html directory. An extremely malicious user could append ";rm -rf *" to the value and delete your entire Website!The person was referring to a simple I|0 guestbook I had built, what exactly does he mean? How does one add those values and what do they do? I tried typing one of them into my input box and submitting the form and all was well? So what is the problem? :/ Link to comment Share on other sites More sharing options...
justsomeguy Posted October 1, 2009 Share Posted October 1, 2009 Well, that sort of depends on what your code does. If you're allowing user input into shell commands that's a problem. Link to comment Share on other sites More sharing options...
driz Posted October 1, 2009 Author Share Posted October 1, 2009 Well he claims any input field is at risk for instance, he claims using that code above will allow you to delete all the files for a website? What does that mean exactly? Type ;rm -rf * and then submit and deleted? Link to comment Share on other sites More sharing options...
justsomeguy Posted October 1, 2009 Share Posted October 1, 2009 rm is the Linux command to delete a file.It's not true to say that any input field is at risk. It matters what you do with the data in PHP. If you're using user input data in a shell or system command, as a parameter to open a file, in a database query, etc then there might be an issue if you're not sanitizing the data before using it. If you're not using the user input for things like that then it shouldn't be a problem. The basic principle is to not allow user data into commands unless you sanitize first. User data that isn't part of a command isn't going to be a problem to anything, it's just data. Link to comment Share on other sites More sharing options...
driz Posted October 1, 2009 Author Share Posted October 1, 2009 Is it possible to list a directory using a command in an input box then? Link to comment Share on other sites More sharing options...
justsomeguy Posted October 1, 2009 Share Posted October 1, 2009 It all depends what you're doing with the submitted data. Link to comment Share on other sites More sharing options...
driz Posted October 1, 2009 Author Share Posted October 1, 2009 Would you be able to show an example script? So I can see how it works, like a simple input form with some php code that would allow someone to exploit by typing ls -la and list all the files in that directory. Thanks. Link to comment Share on other sites More sharing options...
justsomeguy Posted October 1, 2009 Share Posted October 1, 2009 <?phppassthru($_GET['command']);?> There you go, a PHP script that will execute anything sent to it as a system command.passthru.php?command=ls%20-la Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.