简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Backend Development > PHP Tutorial > body text

PHP Security-Command Injection

黄舟
Release: 2023-03-05 21:16:01
Original
1501 people have browsed it



Command injection

Using system commands is a dangerous operation, especially if you are trying to use remote data to construct the command to be executed. If contaminated data is used, command injection vulnerabilities arise.

Exec() is a function used to execute shell commands. It returns execution and returns the last line of the command's output, but you can specify an array as the second argument so that each line of output will be stored as an element in the array. How to use: 

  <?php
 
  $last = exec(&#39;ls&#39;, $output, $return);
 
  print_r($output);
  echo "Return [$return]";
 
  ?>
Copy after login


Assume that the ls command will produce the following output when run manually in the shell: 

$ ls
  total 0
  -rw-rw-r--  1 chris chris 0 May 21 12:34
php-security
  -rw-rw-r--  1 chris chris 0 May 21 12:34
chris-shiflett
Copy after login


When running in exec() through the method in the above example, the output result is as follows: 

Array
  (
      [0] => total 0
      [1] => -rw-rw-r--  1 chris chris 0 May 21
12:34 php-security
      [2] => -rw-rw-r--  1 chris chris 0 May 21
12:34 chris-shiflett
  )
  Return [0]
Copy after login


This method of running shell commands is convenient and useful, but this convenience brings you significant risks. If the contaminated data is used to construct a command string, the attacker can execute arbitrary commands.

I suggest that you avoid using shell commands if possible. If you do use them, make sure to filter the data used to construct the command string and escape the output: 

<?php
 
  $clean = array();
  $shell = array();
 
  /* Filter Input ($command, $argument) */
 
  $shell[&#39;command&#39;] =
escapeshellcmd($clean[&#39;command&#39;]);
  $shell[&#39;argument&#39;] =
escapeshellarg($clean[&#39;argument&#39;]);
 
  $last = exec("{$shell[&#39;command&#39;]}
{$shell[&#39;argument&#39;]}", $output, $return);
 
  ?>
Copy after login


Although there are many ways to execute shell commands, it is important to insist that only filtered and escaped data is allowed when constructing the string to be executed. Other similar functions that need attention include passthru(), popen( ), shell_exec( ), and system( ). Again, I recommend avoiding the use of all shell commands if possible.

The above is the content of PHP security-command injection. For more related content, please pay attention to the PHP Chinese website (m.sbmmt.com)!


Related labels:
PHP,安全,命令注入
source:php.cn
Previous article:Three commonly used design patterns in PHP_php skills Next article:PHP Security-Remote File Risk
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Unable to access sent messages using JavaScript in Postman Using the code below, I can enter information into my MySQL table in the post method and t...
From 2024-04-03 22:02:38
0
1
304
add to cart using php I want to add product to cart..I am using session to add new product to cart but I don't k...
From 2024-04-01 22:48:05
0
1
277
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!