Bypassing the blacklist command to execute tips (two)
In the first article, we explore how to bypass the blacklist limit of command execution by using methods such as delimiters. The following is a detailed description:
In the second article, we will discuss how to leverage environment variables to bypass the limitations of blacklists and spaces.
First, let’s look at the situation of the Windows system.
Let's first look at the environment variables:
What should we do if a command execution vulnerability now filters spaces? Please see the picture below:
What have you discovered? We can use the values of the environment variable to get what we want. For example, we now try to bypass spaces to execute the command:
Someone may ask, what if there are no keywords we need in the environment variables? Of course, we can add:
Next, let’s look at the situation of Unix system. Here I am using MacOS for testing.
We found that despite the different settings of environment variables, we were able to use environment variables to achieve the effect of bypassing blacklists:
The above is the detailed content of Bypassing the blacklist command to execute tips (two). For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1665
14
1423
52
1321
25
1269
29
1249
24
How to check the warehouse address of git
Apr 17, 2025 pm 01:54 PM
To view the Git repository address, perform the following steps: 1. Open the command line and navigate to the repository directory; 2. Run the "git remote -v" command; 3. View the repository name in the output and its corresponding address.
How to run sublime after writing the code
Apr 16, 2025 am 08:51 AM
There are six ways to run code in Sublime: through hotkeys, menus, build systems, command lines, set default build systems, and custom build commands, and run individual files/projects by right-clicking on projects/files. The build system availability depends on the installation of Sublime Text.
How to solve complex BelongsToThrough relationship problem in Laravel? Use Composer!
Apr 17, 2025 pm 09:54 PM
In Laravel development, dealing with complex model relationships has always been a challenge, especially when it comes to multi-level BelongsToThrough relationships. Recently, I encountered this problem in a project dealing with a multi-level model relationship, where traditional HasManyThrough relationships fail to meet the needs, resulting in data queries becoming complex and inefficient. After some exploration, I found the library staudenmeir/belongs-to-through, which easily installed and solved my troubles through Composer.
laravel installation code
Apr 18, 2025 pm 12:30 PM
To install Laravel, follow these steps in sequence: Install Composer (for macOS/Linux and Windows) Install Laravel Installer Create a new project Start Service Access Application (URL: http://127.0.0.1:8000) Set up the database connection (if required)
git software installation
Apr 17, 2025 am 11:57 AM
Installing Git software includes the following steps: Download the installation package and run the installation package to verify the installation configuration Git installation Git Bash (Windows only)
macOS: System Architecture and Core Components
Apr 28, 2025 am 12:05 AM
The system architecture of macOS includes hardware abstraction layer, XNU core, I/OKit, core services and Aqua user interface. Core components include the startup process, the APFS file system, and SystemIntegrityProtection. Performance optimization and best practices involve hardware configuration, software setup, and development skills.
How to run sublime python
Apr 16, 2025 am 08:54 AM
How to run Python scripts in Sublime Text: Install Python interpreter configuration Interpreter path in Sublime Text Press Ctrl B (Windows/Linux) or Cmd B (macOS) to run the script If an interactive console is required, press Ctrl \ (Windows/Linux) or Cmd \ (macOS)
How to set shortcut keys for sublime
Apr 16, 2025 am 09:15 AM
To set the shortcut keys for Sublime Text, follow these steps: Open the shortcut key settings file Key Bindings - User. Add shortcut key settings using the format { "keys": ["key combination"], "command": "command" }. Save changes. Reload the shortcut key settings for the changes to take effect.
