Remote Code Execution

Remote Code Execution

By ghost | 11291 Reads |

0     0

Remote code execution occurs when a server runs code which is not stored on it self. IE a code version of XSS.

With XSS the worst that can happen to a site is that admin cookies can be stolen. Some site such as HBH have methods to stop this and these are easy enough to code.

Remote code execution is a lot harder to prevent, stop and find.

This occurs with the PHP functions require, include, include_once and require_once.

For example a script which runs

<?php

include $_GET['page'];

?>

If this page was called page.php and the url entered was;

page.php?page=index.php the page displayed would be index.php.

If however someone made the page show

page.php?page=http://www.google.com

then google would be displayed.

What other uses are there of the include function in php?

One common use is to shorten codes which are used several times such as a function. This can be used to include the page for its code.

What if someone made the include include a page with UNEXECUTED PHP on it?

Then the local server would run the script on itself. Dangerous scripts can be used to deface and with use of the passthru command they can begin to do great damage.

How can I stop my PHP being executed. The best way of doing this is saving it as a .txt or .jpg because people are less likely to check them and servers do not parse them.

How can I stop this.

Very simply. Don't allow unchecked pages to be included. Use a variable or a MySQL table if possible.

What other methods are there seeing as this is usually pretty secure?

There is the eval injection. For instance. If the server uses the eval on say;

eval($x = $_GET['number']);

The $x = … is still executed and so harmful injections can be inserted into here to execute code etc.