
Remote Command Execution


Remote Command Execution vulnerabilities allow attackers to run arbitrary code on your servers.

Shell Command Execution

Shell Command Execution vulnerabilities allow arbitrary commands to be run through a shell-like interface. Many languages make it easy to run external commands, but care must be taken to ensure attackers cannot change which commands are run, or which arguments are passed, beyond the scope of the intended functionality. Shell commands can be executed from a number of system calls, in a variety of ways. Attackers will craft requests in an attempt to cause system commands to execute on the web server.

This is an example vulnerability in Rails:

```ruby
def get_listing(params)
  `ls -1 /templates | grep "#{params[:query]}"`
end
```

The intention is to list all the files in the /templates directory, returning only those that match a string value passed in the request. Here are two example URLs and the resulting shell commands that will be executed:

```text
/templates?query=A4                                  =>  ls -1 /templates | grep "A4"

/templates?query=%22%60rm%20%2Fetc%2Fpasswd%60%22    =>  ls -1 /templates | grep ""`rm /etc/passwd`""
```

The second command will complete without error, but will have attempted to delete user information on the server. If the server is running with root privileges, it will succeed.

IMMUNIO protects against Shell Command Execution by learning where in the app shell commands are executed and what the structure of each command is. After a number of requests have been made, any unknown shell command will trigger the sensor. Further, a change in the structure of a known command will also trigger the sensor.

Mitigation

When IMMUNIO detects an invalid Remote Command Execution while in blocking mode, it blocks the request before the command is executed, to prevent malicious activity or modification of the application state.
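The following is an added example, not IMMUNIO's code or the page's own: it places the page's vulnerable Rails helper beside two hardened versions that never hand request data to a shell, and adds a small command-structure baseline that illustrates the idea of the sensor described above (a fixed sequence of command words and shell operators, with a deviation flagged). The `dir` parameter, the sample file names and the `command_structure` tokenizer are assumptions made for the example; the tokenizer deliberately ignores shell quoting to stay short, so it is an illustration of the concept rather than a production parser.

```ruby
require "open3"
require "tmpdir"

# Vulnerable form from the page: the request value is interpolated straight
# into a shell command line, so shell metacharacters in it are interpreted.
# Kept for contrast only; never call it with untrusted input.
def get_listing_vulnerable(query, dir = "/templates")
  `ls -1 #{dir} | grep "#{query}"`
end

# Hardened form 1: no shell and no external program at all. The listing is
# done with Ruby's own API and the filter is a plain substring match, so a
# query such as "`rm /etc/passwd`" is inert data that simply matches nothing.
# (The `dir` parameter is an assumption of this example so it can be tested.)
def get_listing_safe(query, dir = "/templates")
  raise ArgumentError, "query must be a String" unless query.is_a?(String)
  Dir.children(dir).select { |name| name.include?(query) }.sort
end

# Hardened form 2: if an external program is really needed, pass argv as
# separate arguments. Ruby then exec()s grep directly; no shell parses the
# query, and "-F --" makes grep treat it as a literal string, not a regex.
def grep_listing_no_shell(query, dir = "/templates")
  listing = Dir.children(dir).sort.join("\n")
  out, status = Open3.capture2("grep", "-F", "--", query, stdin_data: listing)
  # grep exits 1 when nothing matches; only other non-zero codes are errors.
  raise "grep failed with status #{status.exitstatus}" unless [0, 1].include?(status.exitstatus)
  out.split("\n")
end

# Shell control operators that change the *structure* of a command line.
# Simplified assumption for this example: quoting is not honoured.
SHELL_OPERATORS = /(\|\||&&|[|;&]|`|\$\(|\))/
OPERATOR_TOKENS = %w[|| && | ; & ` $( )].freeze

# Reduce a command line to its structure: the first word of each simple
# command plus the operators joining them, with arguments dropped.
#   'ls -1 /templates | grep "A4"'  =>  ["ls", "|", "grep"]
def command_structure(cmd)
  cmd.split(SHELL_OPERATORS).map(&:strip).reject(&:empty?).map do |part|
    OPERATOR_TOKENS.include?(part) ? part : part.split(/\s+/).first
  end
end

# A tiny baseline in the spirit of the sensor described on the page: remember
# the structures seen during normal traffic, then flag anything new.
class CommandStructureBaseline
  def initialize
    @known = {}
  end

  def learn(cmd)
    @known[command_structure(cmd)] = true
  end

  def anomalous?(cmd)
    !@known.key?(command_structure(cmd))
  end
end

# Constructed sample directory standing in for /templates.
def with_sample_templates
  Dir.mktmpdir("templates") do |dir|
    %w[A4.erb A3.erb letter.erb].each { |f| File.write(File.join(dir, f), "") }
    yield dir
  end
end

if __FILE__ == $PROGRAM_NAME
  with_sample_templates do |dir|
    p get_listing_safe("A4", dir)                    # ["A4.erb"]
    p get_listing_safe('"`rm /etc/passwd`"', dir)    # []
  end
  baseline = CommandStructureBaseline.new
  baseline.learn('ls -1 /templates | grep "A4"')
  p baseline.anomalous?('ls -1 /templates | grep "letter"')            # false
  p baseline.anomalous?('ls -1 /templates | grep ""`rm /etc/passwd`""') # true
end
```

The contrast between the first and second function is the whole point: the hardened versions do not try to sanitize the query, they remove the shell from the data path so there is nothing left to inject into. The baseline class shows why "same command, different structure" is a useful detection signal even when the command word (`ls`) is unchanged.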