Command Injection # 2
This lab shows step-by-step how to exploit a Command Injection vulnerability on the Damn Vulnerable Web Application (DVWA) to run arbitrary system commands on the target. During this lab, the Security Level of the DVWA is set to MEDIUM.
In this scenario, the application attempts to prevent Command Injection attacks by utilizing various patterns to filter user-supplied data. However, this scenario highlights that this approach is not sufficient to prevent Command Injection attacks.
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is intentionally vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the processes of securing web applications, and to aid teachers and students in teaching and learning web application security in a classroom environment.
Why are Command Injection weaknesses important?
Command Injection is a vulnerability that could allow attackers to execute arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. The attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks can be devastating and could allow an attacker to compromise the entire system running the affected application.
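The following added example (not DVWA's code and not part of the original lab text) contrasts the pattern-filter approach described above with allow-list validation plus shell-free execution. The deny-list contents, the function names and the `ping` argument vector are assumptions made for illustration.

```python
import ipaddress

# Hypothetical deny-list standing in for a pattern filter (assumption, not DVWA's list).
DENYLIST = ("&&", ";")

# Characters a POSIX shell treats specially; used to audit the filter's coverage.
SHELL_META = set("&;|`$()<>\n\\'\"*?{}[]!~# \t")


def denylist_filter(value: str) -> str:
    """Weak approach: delete known-bad substrings and pass the rest to a shell."""
    for pattern in DENYLIST:
        value = value.replace(pattern, "")
    return value


def uncovered_metacharacters() -> set:
    """Audit: which shell metacharacters pass through the deny-list unchanged?"""
    return {c for c in SHELL_META if c in denylist_filter(c)}


def build_ping_argv(value: str) -> list:
    """Hardened approach: accept only a literal IP address, then return an
    argument vector meant for shell-free execution, e.g. subprocess.run(argv)."""
    address = ipaddress.ip_address(value.strip())  # ValueError on anything else
    return ["ping", "-c", "4", str(address)]


if __name__ == "__main__":
    # Constructed sample inputs (documentation address range, not real targets).
    print("metacharacters the deny-list misses:", sorted(uncovered_metacharacters()))
    for sample in ("192.0.2.10", "192.0.2.10|constructed-sample"):
        try:
            print(repr(sample), "->", build_ping_argv(sample))
        except ValueError:
            print(repr(sample), "-> rejected by allow-list validation")
```

The audit shows the structural problem: a deny-list has to enumerate every dangerous character, while the allow-list only has to describe the one valid input shape.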
What will you learn?
- What Command Injection vulnerabilities are.
- How to test and identify a Command Injection vulnerability.
- How to exploit Command Injection vulnerabilities to run arbitrary system commands on target systems.
- This scenario contains one virtual machine.
- VPN Connection Required: Optional
- This lab can be completed by either connecting to the CR VPN or by simply utilizing the Web Proxy feature.
- The examples demonstrated throughout this scenario are based on Linux.
To benefit from this scenario, it is recommended that you have competence in the following areas:
1. Basic understanding of the HTTP protocol
2. How web applications work behind the scenes
3. How to use an HTTP Intercepting Proxy
4. Basic Linux command line knowledge
About the Author
Marios holds a BSc Computer Science degree from Northumbria University and an MSc degree in Cyber Security from the University of York. He is one of the OWASP Cyprus Chapter Leaders and he is passionate about web application security. He likes to spend his free time mastering his backgammon skills.
- TIME: 60 MINUTES
- COST: 10 CRYSTALS