Command Execution 03

This exercise is one of our challenges on Command Execution

In this video, we cover a code review of the Command Execution 03 challenge, part of the essential badge. The developer attempts to filter out special characters such as `;`, `&`, `|`, and backticks to prevent command execution. However, they overlook the fact that `$(command)` can still be used to execute commands, posing a significant security risk.

The code checks whether the `$_GET['ip']` variable is set and applies a regular expression to filter out dangerous characters. If any of these characters are found, the script terminates with an "Invalid IP address" message. Despite these precautions, the application remains vulnerable to command injection: it relies on inadequate filtering instead of validating the IP address format, and it also lacks proper HTML escaping. Because the user-provided IP address is passed to the `system` function call, an attacker can gain code execution.
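The difference between the character denylist described above and format validation, as an added example that is not the challenge's source code. The regular expression, the function names and the `ping -c 2` command are assumptions made for illustration; the sample inputs are constructed.

```php
<?php
// Denylist in the style the page describes (assumed pattern):
// rejects only ; & | and backticks, so "$(...)" is not caught.
function denylist_accepts(string $ip): bool
{
    return preg_match('/[;&|`]/', $ip) === 0;
}

// Allowlist: accept the value only if it parses as an IPv4 or IPv6 address.
function allowlist_accepts(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP) !== false;
}

// Hardened command construction: validate the format first, then quote
// the argument anyway as defence in depth. Returns null when rejected.
function build_ping_command(string $ip): ?string
{
    if (!allowlist_accepts($ip)) {
        return null;
    }
    return 'ping -c 2 ' . escapeshellarg($ip);
}

// Any user-supplied value echoed back into the page is HTML-escaped.
function render_error(string $ip): string
{
    return 'Invalid IP address: ' . htmlspecialchars($ip, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs: two valid addresses, one value the denylist
// catches, one it misses, and one that matters for HTML output.
$samples = ['127.0.0.1', '::1', '127.0.0.1;id', '$(id)', '<b>127.0.0.1</b>'];

foreach ($samples as $ip) {
    $command = build_ping_command($ip);
    printf(
        "%-18s denylist=%-7s allowlist=%-7s => %s\n",
        $ip,
        denylist_accepts($ip) ? 'accept' : 'reject',
        allowlist_accepts($ip) ? 'accept' : 'reject',
        $command ?? render_error($ip)
    );
}
```

Run with the PHP CLI, the output shows the denylist accepting `$(id)` and the HTML fragment while the allowlist rejects both; nothing is executed, the command string is only printed.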
