Command Execution
Detected by Syhunt: Yes (locally, remotely)
Type: Injection Flaw
Also Known As: RCE, OS Commanding, OS Injection, Command Injection
CWE: 78
Many web sites contain flaws that may allow remote attackers to execute arbitrary commands. The issue happens when a script passes user-supplied input to a system command without properly sanitizing shell metacharacters. By sending a specially crafted request, attackers can execute arbitrary commands with the privileges of the web server.
Below you can find very basic examples of command execution vulnerabilities.
<%
Runtime.getRuntime().exec(request.getParameter("cmd"));
%>
Syhunt scan results for this example code:
Found: 1 vulnerability
In /rce_basic.jsp (source code, locally), on line 2: Possible Command Execution Vulnerability
<?
$cmd = $_GET['command'];
passthru('SomeApp.exe '.$cmd);
?>
Syhunt scan results for this example code:
Found: 1 vulnerability
In /rce_basic.php (source code, locally), affecting parameter "command", on lines 2,3: Possible Command Execution Vulnerability
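A hardened counterpart of the PHP example above, added here as an illustration and not taken from Syhunt or the original page. It assumes SomeApp.exe accepts a single short alphanumeric argument; the install path and the function names `validate_argument` and `run_someapp` are hypothetical.

```php
<?php
// Hardened counterpart of rce_basic.php (added example, not from the page).
// Assumptions: SomeApp.exe takes one argument made of letters, digits,
// '_' or '-'; the install path below is a placeholder.

const SOMEAPP_PATH = 'C:\\Apps\\SomeApp.exe'; // hypothetical install path

/**
 * Validate the user-supplied argument against an allowlist pattern.
 * Returns the value when acceptable, null otherwise.
 */
function validate_argument($value): ?string
{
    if (!is_string($value)) {          // rejects ?command[]=x array input
        return null;
    }
    // Anchored with \A...\z so a trailing newline cannot slip through;
    // the first character must be alphanumeric, which also blocks
    // option-style values such as "-x".
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9_-]{0,63}\z/', $value) === 1
        ? $value
        : null;
}

/**
 * Run SomeApp with a single validated argument, without a shell.
 * proc_open() with an array command (PHP 7.4+) starts the process
 * directly, so metacharacters such as & | ; are never interpreted.
 */
function run_someapp(string $arg): int
{
    $pipes = [];
    $proc = proc_open([SOMEAPP_PATH, $arg], [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        return -1;                     // process could not be started
    }
    // Encode the program's output before echoing it into the page.
    echo htmlspecialchars(stream_get_contents($pipes[1]), ENT_QUOTES);
    fclose($pipes[1]);
    return proc_close($proc);
}

$arg = validate_argument($_GET['command'] ?? null);
if ($arg === null) {
    http_response_code(400);
    exit('Invalid command parameter');
}
run_someapp($arg);
```

The allowlist and the shell-free invocation are independent controls: the first limits what reaches SomeApp.exe at all, the second ensures that whatever does reach it is passed as one argument rather than parsed as shell syntax.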