Black Hat Europe资料eu-15-Stasinopoulos-Commix-Detecting-And-Exploiting-Command-Injection-Flaws.pdfVIP

Commix: Commix: Detecting Exploiting Command Injection Flaws. Detecting Exploiting Command Injection Flaws. Anastasios Stasinopoulos {stasinopoulos@unipi.gr Anastasios Stasinopoulos {stasinopoulos@unipi.gr Christoforos Ntantogian {dadoyan@unipi.gr Christoforos Ntantogian {dadoyan@unipi.gr Christos Xenakis {xenakis@unipi.gr Christos Xenakis {xenakis@unipi.gr Whoami? Anastasios Stasinopoulos (@ancst) ● Ph.D candidate at University of Piraeus → Department of Digital Systems. ● Member of the Systems Security Laboratory (@ssl_unipi) ● Builder Breaker. Introduction. Introduction. Introduction. ● According to the OWASP, “command injection is an attack in which the goal, is the execution of arbitrary commands on the host operating system through a vulnerable application.” ● ...is also referred as “shell injection”, “shell command injection”, “OS injection”, “OS command injection” etc. ● This attack is possible when an application passes unsafe user supplied data (i.e forms, cookies, HTTP headers etc) to a system shell. ● The attacker-supplied OS commands are usually executed with the same privileges of the vulnerable application. Are command Are command injections still alive? injections still alive? Where may command injections exist? 1. Web Applications (i.e IBM, Sophos, Symantec, LanDesk, Cacti, SquirrelMail, .…) 2. ADSL SOHO routers (i.e D-Link, TP-Link, Linksys, ) 3. IP Cameras (i.e TP-Link, D-Link, Vivotek, Zero-IP, ...) 4. Network Printers (i.e Xerox, ...) 5. IP PBX Applications (i.e Asterisk PBX, FreePBX, ...) 6. Raspberry PI based Web Applications 7. Arduino based Web Applications Why are command injecti