Code injection is a vulnerability caused by executing invalid information. An attacker can introduce code into the vulnerable computer program through injection. The injected code can change the course of execution. A successful code injection can be disastrous for the server. The server that fails to properly validate user data can result in Code Injection vulnerability. Attackers can inject code into a vulnerable computer program and change the course of execution. If an attacker can inject code into an application and if that application executes the code, this vulnerability can cause code injection.
Example
In a web application using PHP, use eval() function to pass it untrusted data.
//the URL to archive the page is https://www.example.beaglesecurity.com/index.php?arg=1
$myvar = "varname";
$x = $_GET['arg'];
eval("\$myvar = \$x;");
In the above code, an attacker can easily get the phpinfo() function by requesting a URL.
https://www.example.beaglesecurity.com/index.php?arg=1; phpinfo()
The above link will return the version of PHP in that application uses. Also, the attacker can run the system commands.
https://www.example.beaglesecurity.com/index.php?arg=1; system(‘id’)
The id command will reveal all the information about the current user. An attacker can also specify the name of another user to get information about other users.
Impact
Using this vulnerability, an attacker can:-
- Steal sensitive data
- perform data corruption
- execute Denial of access attacks
- successfully take over the host
Mitigation / Precaution
Beagle recommends the following fixes:-
- Use APIs that are secure against all input characters.
- Enforce a language separation using a static type system.
- Use proper Input validations.
