
Is there a putenv() exploit?

I'm using the following code:

$data = json_decode($_GET["payload"]);
$env = $data->env;

putenv("MYENV=".$env);

But this function is being exploited. I have no idea how. The attacker can execute any code on my machine (Windows).

Does anybody have an idea how this is possible or how to fix it?

This is called the ShellShock vulnerability. It basically executes any code the attacker wants if { :;}; are included. For example:

MYENV="{ :; }"; /bin/eject

will result in ejecting the dvdrom drive on Linux. So in fact anything is possible here.

Source:

Because some environment variables are dangerous, like LD_PRELOAD on Linux. Generally this does not depend exclusively on putenv, but on other possible vulnerabilities in your code (e.g. if you exec something that uses some magic configuration via the environment, this may lead to the exploitation).
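An added example, not part of the question or of either answer: one way to constrain the value before it reaches putenv(), so that only a short, plain token is ever exported to the environment that child processes inherit. The helper names, the sample payloads and the allowed-character policy are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post): extract and validate
// the "env" field before it is allowed anywhere near putenv().
function validated_env_value(string $json): string
{
    $data = json_decode($json, false, 4);   // shallow depth limit
    if (!is_object($data) || !isset($data->env) || !is_string($data->env)) {
        throw new InvalidArgumentException('payload.env must be a string');
    }
    // Assumed policy: short token of letters, digits, '_', '.', '-'.
    // Rejects spaces, quotes, braces, ';', '=', NUL and newlines.
    if (preg_match('/\A[A-Za-z0-9_.\-]{1,64}\z/', $data->env) !== 1) {
        throw new InvalidArgumentException('payload.env contains disallowed characters');
    }
    return $data->env;
}

function set_myenv(string $json): bool
{
    // The variable name stays a constant; only the checked value varies.
    return putenv('MYENV=' . validated_env_value($json));
}

// Constructed sample payloads, standing in for $_GET["payload"].
$samples = [
    '{"env":"production"}',
    '{"env":"{ :; }; /bin/eject"}',   // shape of the string quoted in the answer above
    '{"env":["a","b"]}',              // wrong type
    'not json',
];

foreach ($samples as $json) {
    try {
        set_myenv($json);
        echo "accepted: ", getenv('MYENV'), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), PHP_EOL;
    }
}
```

Only the first sample is accepted; the other three throw before putenv() is called, so MYENV never holds an unchecked value.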
