Chapter 7 - Attack execution (3)
7.1 Attack webserver operating system
Most server-side web languages provide a means to perform many operating
system tasks, such as accessing the file system, interacting with other processes,
or initiating network communication, through special APIs that offer a safe way
to do so. There are, however, special scenarios where the developer finds himself
forced to interact with the server directly by issuing commands, which opens the
door to dangerous exploits.
Examples of functions used for this direct access are exec in PHP and
wscript.shell in ASP.
The following listing is Perl CGI code used by a web application to show the disk
usage of a specific directory on the server:
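#!/usr/bin/perl
use strict;
use CGI qw(:standard escapeHTML);
print header, start_html("");
print "";
# Preset command; the user-supplied "dir" parameter is appended unfiltered.
my $command = "du -h --exclude php* /var/www/html";
$command = $command.param("dir");
# Backticks hand the whole string to the shell, so metacharacters in "dir" are interpreted.
$command = `$command`;
print "$command\n";
print end_html;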
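For comparison, a hardened form of the same report, as an added example that is not part of the original text: the dir value is validated and confined to the web root, and du is started without a shell. The helper names safe_dir and disk_usage, the page title and the pre tags are assumptions made for this illustration.

```perl
#!/usr/bin/perl
# Added example (not from the original page): the same disk-usage report,
# written so that the "dir" parameter never reaches a shell.
use strict;
use warnings;
use CGI qw(:standard escapeHTML);
use Cwd qw(realpath);

my $BASE = '/var/www/html';    # web root used by the original listing

# Hypothetical helper: return the resolved directory, or undef if rejected.
sub safe_dir {
    my ($dir) = @_;
    $dir = '' unless defined $dir;
    # Allow only plain path characters; this rejects ; | & ` $ and whitespace.
    return undef unless $dir =~ m{\A[A-Za-z0-9_./-]*\z};
    my $root = eval { realpath($BASE) };
    my $path = eval { realpath("$BASE/$dir") };
    return undef unless defined $root && defined $path && -d $path;
    # realpath has resolved ".." and symlinks, so a prefix check is meaningful.
    return undef unless $path eq $root || index($path, "$root/") == 0;
    return $path;
}

# Hypothetical helper: run du on an already validated path.
sub disk_usage {
    my ($path) = @_;
    # List-form pipe open: du is exec'ed directly, no shell parses the arguments.
    open(my $du, '-|', 'du', '-h', '--exclude', 'php*', '--', $path)
        or return "du could not be started\n";
    local $/;                  # read all of the output at once
    my $out = <$du>;
    close $du;
    return defined $out ? $out : '';
}

print header, start_html('Disk usage'), '<pre>';
my $path = safe_dir(scalar param('dir'));
# Output is HTML-escaped so file names cannot inject markup into the page.
print defined $path ? escapeHTML(disk_usage($path)) : 'Invalid directory';
print '</pre>', end_html;
```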
The normal output of the listing, once the dir parameter has been appended to
the preset command, is similar to what is shown below: