Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
DVoropaev2019-04-03 21:44:38
Burglary protection
DVoropaev, 2019-04-03 21:44:38

What is this type of vulnerability called?

From the user, the site receives an IP, and then pings it and returns the result of the ping utility to the user.
However, input validation is not implemented, which makes it possible to force the server to execute a command by appending it with an ampersand.
if we tell the site:
8.8.8.8 & ls
then along with the results of the ping we will also get a list of directories

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
T
Tyranron, 2019-04-03
@DVoropaev

RCE (Remote Code Execution/Evaluation) .

Report
S
Sergey, 2019-04-03
@gangstarcj

It's called sloppiness.
List of types of vulnerabilities www.captcha.ru/articles/antihack Choose any
But more like XSS and SQL Injection (replace sql with bash)

Similar questions
R
referakk2018-11-19 13:39:15
How to know which site is hacked? 3Reply
J
Johnny Smith2018-12-24 22:12:57
List of typical vulnerabilities? 1Reply
D
djgrow2016-08-07 18:20:01
Where to look for a specialist to hack your site? 5Reply
L
Lilula2020-10-23 20:48:33
What to do after hacking Wi-Fi? 3Reply
D
DastM2019-01-15 11:54:48
How to connect Python vulnerability scanner and Vulners vulnerability database? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question