SN 8.1

Last updated 9:58 PM on 4/21/26
29 Terms

1. What is a web application?

A web application is a program that runs on a server. When your browser sends a request, the server processes it and sends back a response (the webpage).

2. What is a shell?

A shell is a program that provides a text-based interface to interact with an operating system. It interprets commands and tells the OS to execute them.

3. What is a command injection vulnerability?

A command injection occurs when an attacker sends malicious data to a web application, and that data is used to construct a command that is executed on the server's shell, allowing the attacker to run unintended commands.

4. Why is the simple PHP ping example vulnerable?

The developer directly pastes user input into a shell command string without validation. An attacker can add special shell characters to execute additional commands.

5. What dangerous shell characters can be used for command injection?

;, &, |, $(), backticks, >, \n (newline), and many others.

6. What is the problem with trying to block dangerous characters (blacklisting)?

There are too many dangerous characters and shell interpretation is complex; an attacker can always find a character or encoding that bypasses the filter.

7. What is the secure alternative to blacklisting?

Whitelisting: define exactly what input is allowed (e.g., a valid IP format) and reject everything else.

8. How does a shell’s complexity make command injection difficult to prevent by simple filtering?

The shell interprets quotes, variables, subcommands, and encodings, so a simple string replacement cannot reliably remove all malicious patterns.

9. What is the principle of whitelisting?

Allow only known-good input patterns; do not try to block bad characters. This ensures only legitimate, expected data is processed.

10. What is the principle of least privilege?

A process should run with the minimum permissions necessary to perform its function. If compromised, the attacker’s capabilities are limited.

11. How can you minimise the risk of command injection?

Avoid using system commands (like system(), exec(), shell_exec()) whenever possible; use built-in language functions instead.

12. What should you do if you must use a system command?

Strictly whitelist the input to ensure it matches an expected format, and run the command with the least possible privilege.

13. What is an example of strong input validation for an IP address in PHP?

Using filter_var($ip, FILTER_VALIDATE_IP) to check that the input is a valid IP address format.

14. What does the conceptual equation "Secure Application = Whitelist Validation + Minimized Attack Surface + Least Privilege" represent?

It summarises the three key strategies for preventing command injection: use whitelists, avoid unnecessary system commands, and run with minimal permissions.

15. What is the difference between blacklisting and whitelisting?

Blacklisting tries to block a list of "bad" characters; whitelisting defines what is "good" and rejects everything else. Whitelisting is more secure.

16. Why is sanitisation alone insufficient?

Attackers can use many characters (;, &, $(), backticks, >, newlines) and shell complexity (quotes, variables, encodings) to bypass simple sanitisation.

17. What is the purpose of the principle of least privilege in the context of a web server?

If the web server process has minimal permissions (e.g., no access to /etc/passwd), even a successful command injection cannot read sensitive system files.

18. What is a subcommand in shell injection?

Using $() or backticks to embed a command that is executed and its output is substituted into the original command.

19. How can an attacker use a semicolon (;) in a command injection?

The semicolon acts as a command separator, allowing the attacker to run a second command after the intended one.

20. How can an attacker use a pipe (|) in a command injection?

The pipe takes the output of the first command and feeds it as input to the second command, enabling complex chains of commands.

21. What does a backtick (`) do in a shell?

Backticks execute the command inside them and substitute the output, similar to $().

22. What does an ampersand (&) do in a shell?

It runs the preceding command in the background, and then the next command is executed immediately.

23. What does a newline (\n) character do in a shell command?

It ends the current command and starts a new one, similar to pressing Enter.

24. What is the main takeaway about user input?

Treat all user input as untrusted; it is attacker-controlled until proven otherwise.

25. What is the recommended approach to handling user input for shell commands?

Use strict whitelisting (allow only valid formats) and avoid using shell commands when possible.

26. What is a shell’s role in interpreting commands?

The shell parses and interprets the command string, performing expansions (variables, subcommands, globbing) before executing the actual program.

27. What does "minimise use of system commands" mean in practice?

Use programming language libraries or built-in functions instead of calling external programs via shell functions like exec() or shell_exec().

28. What is the benefit of using filter_var() for IP validation?

It ensures that the input matches the strict format of an IP address, automatically rejecting any input that contains shell metacharacters.

29. What does the conceptual equation "Secure Application = Whitelist Validation + Minimized Attack Surface + Least Privilege" encourage?

It encourages a defense-in-depth approach: combine multiple security layers to protect against command injection.