Shell command execution attempts
As we have already seen, accepting unfiltered input from users can be dangerous. A particular class of exploit occurs when data submitted by users is used to cause the execution or display of a file which the user normally wouldn't have privileges to.
Attackers often combine multiple vulnerabilities to achieve maximum effect. Shell command execution is one exploit scenario which usually doesn't happen on its own—after all, very few web applications take user input and perform the exec()
system call on them. However, consider the following chain of events:
In this chain of event, we can see how two vulnerabilities were combined to deadly effect:
The SQL injection vulnerability was used to create a PHP file
The failure to filter out shell command execution attempts allowed the attacker to call the exec.php script to remove all files on the web server
This shows that trying to prevent shell command execution is worthwhile (and once again reaffirms the principle...