PHP Security-Command Injection

黄舟
Release: 2023-03-05 21:16:01
Original
1517 people have browsed it



Command injection

Using system commands is a dangerous operation, especially if you are trying to use remote data to construct the command to be executed. If contaminated data is used, command injection vulnerabilities arise.

Exec() is a function used to execute shell commands. It returns execution and returns the last line of the command's output, but you can specify an array as the second argument so that each line of output will be stored as an element in the array. How to use:

  <?php
 
  $last = exec(&#39;ls&#39;, $output, $return);
 
  print_r($output);
  echo "Return [$return]";
 
  ?>
Copy after login


Assume that the ls command will produce the following output when run manually in the shell:

$ ls
  total 0
  -rw-rw-r--  1 chris chris 0 May 21 12:34
php-security
  -rw-rw-r--  1 chris chris 0 May 21 12:34
chris-shiflett
Copy after login


When running in exec() through the method in the above example, the output result is as follows:

Array
  (
      [0] => total 0
      [1] => -rw-rw-r--  1 chris chris 0 May 21
12:34 php-security
      [2] => -rw-rw-r--  1 chris chris 0 May 21
12:34 chris-shiflett
  )
  Return [0]
Copy after login


This method of running shell commands is convenient and useful, but this convenience brings you significant risks. If the contaminated data is used to construct a command string, the attacker can execute arbitrary commands.

I suggest that you avoid using shell commands if possible. If you do use them, make sure to filter the data used to construct the command string and escape the output:

<?php
 
  $clean = array();
  $shell = array();
 
  /* Filter Input ($command, $argument) */
 
  $shell[&#39;command&#39;] =
escapeshellcmd($clean[&#39;command&#39;]);
  $shell[&#39;argument&#39;] =
escapeshellarg($clean[&#39;argument&#39;]);
 
  $last = exec("{$shell[&#39;command&#39;]}
{$shell[&#39;argument&#39;]}", $output, $return);
 
  ?>
Copy after login


Although there are many ways to execute shell commands, it is important to insist that only filtered and escaped data is allowed when constructing the string to be executed. Other similar functions that need attention include passthru(), popen( ), shell_exec( ), and system( ). Again, I recommend avoiding the use of all shell commands if possible.

The above is the content of PHP security-command injection. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!


Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template