Questions tagged [code-execution]

The process of executing code, either maliciously or not, on a system or device. The term is often used when talking about code injection vulnerabilities.

The process of executing code, either maliciously or not, on a system or device. The term is often used when talking about code injection vulnerabilities

82 questions
12
votes
4 answers

Execute a PHP function that returns an array from an XSL file

There is a security challenge where you have to execute code on the server to retrieve a flag, and this code has to be executed using an XSL document. So I found a way to make the server interpret my own XSL file, And I used the php:function…
Sidahmed
  • 639
  • 2
  • 9
  • 26
12
votes
1 answer

Will resize of an image execute the file?

Our server was exploited by a ransomware. We allow admins to upload PDF, docx, excel etc. But also images and SVG. And we use dragonfly to generate thumbnails on those files that are supported. Let's say I upload a infected image to the server. When…
Philip
  • 223
  • 1
  • 5
11
votes
1 answer

PHP eval code sandbox break

I noticed a heavily downvoted comment in here: http://php.net/manual/en/function.php-check-syntax.php function eval_syntax($code) { $braces = 0; $inString = 0; // We need to know if braces are correctly balanced. // This is not…
JohnDoes
  • 193
  • 6
11
votes
2 answers

Can a CSV contain malicious code?

I am working with a system that allows users to upload CSV files, that are downloaded by other users. The system validates (amongst other things) that all CSV files can be parsed by an RFC 4180 compliant parser, and are valid UTF-8. It ensures that…
James_pic
  • 2,520
  • 2
  • 17
  • 22
9
votes
1 answer

Can I inject a shell command here in PHP?

During source code examination for a client, I found this code. It gets unsanitized parameter from GET, sanitizes it and does shell_exec() $arg = $_GET['arg']; // sanitization, I…
John Doe
  • 93
  • 4
7
votes
2 answers

Is PHP's eval() function vulnerable to code injection when executing a string built from an array?

I'm trying to learn more about PHP eval() exploitation and I came across this scenario:
Robleh
  • 73
  • 1
  • 4
7
votes
2 answers

Difference between Code Injection, Command Injection and Remote Code Execution

If one has to describe fundamental difference in between these three terms (i.e. Code Injection, Command Injection and Remote Code Execution) what will that be? How they are different from each other in terms approach to perform the attack and it's…
6
votes
1 answer

How to restrict dlopen() from or to certain paths?

If I want to disable execution of programs on a filesystem, I can use the noexec mount option. However, this doesn’t works with dynamic libraries loaded throughdlopen(). So what is the way to do it with nacl or seccomp ? (this is for untrusted…
user2284570
  • 1,402
  • 1
  • 14
  • 33
5
votes
1 answer

Special characters in filename leads to starting virus executable

So I've just downloaded torrent with one file in it - the formal name of file should be "123.avi.exe" (which is typical for viruses and trojans). Now, interesting thing is that name is encoded in UTF16-LE as following…
Alek Depler
  • 163
  • 5
5
votes
4 answers

Removing execute permissions on `/tmp` or mounting it with `noexec` flag?

The CIS security benchmark recommends mounting /tmp and all other world writable directories on a separate partition so it could be mounted with the noexec flag. Since I already have my /tmp mounted in the same partition as / and I would prefer to…
Tom Klino
  • 178
  • 1
  • 1
  • 5
4
votes
1 answer

How do services prevent malicious behavior when executing user provided code?

Some services such as Github allows the execution of user supplied code using docker containers via Github Actions. Another example of a service provider that executes user provided code are continuous integration services such as Travis or…
F21
  • 501
  • 1
  • 4
  • 10
4
votes
2 answers

How can I disable execution of programs from Downloads directory in Windows 10?

I run Windows 10 and I would like the contents of my system default "Downloads" folder to be non-executable. I want at least for a landing zone where I can scan files, run hash checks, and so on. Does this sound right? Change the SYSTEM (and my…
user99573
4
votes
2 answers

Adding network drive to trusted intranet sites security hole?

We have a shared network drive that is mapped, and when we open certain files we get a dialog like I found this site which explains that adding the network path to Local Intranet trusted sites for all users allows opening of such files without the…
hellyale
  • 143
  • 1
  • 1
  • 6
3
votes
1 answer

Is it possible to embed a phar archive into a PNG image?

I know it's possible to embed phar archives into jpeg images but is it also possible to do so with PNG images? I am testing a php application that securely checks if an image is a valid PNG image however it calls vulnerable filesystem functions like…
t40_yx
  • 45
  • 3
3
votes
1 answer

Safe usage of Runtime.getRuntime.exec(String[])

I was reviewing code of an application that uses the following piece of Java code and wanted to know if the the use of exec() was susceptible to command injection. public class FindFileInDir { public static void main(String[] args){ try { …
JohnnyHunter
  • 233
  • 1
  • 7
1
2 3 4 5 6