2 years ago
#6426
X-HAT
Is my code vulnerable to Command Injection?
I am creating a CMS but I do not know how to write the code to get saved from Command Injection. Let me know if there is an RCE vulnerability in my code.
```php
case 'clearcache':
    global $selected_language;
    $url = $_REQUEST['url'];
    $type = $_REQUEST['type'];
    if ($type && $type == 'full') {
        if ($selected_language == 'en') {
            exec('curl -X BAN -H "Host: en.mydomain.com" http://0.0.0.0/*', $output, $return);
        } else {
            exec('curl -X BAN -H "Host: www.mydomain.com" http://0.0.0.0/*', $output, $return);
        }
        echo $return;
        exit;
    } else {
        $parse_url = parse_url($url);
        //echo $parse_url['path'];
        if (isset($parse_url['path'])) {
            if ($selected_language == 'en') {
                exec('curl -X PURGE -H "Host: en.mydomain.com" http://0.0.0.0'.$parse_url['path'], $output, $return);
            } else {
                exec('curl -X PURGE -H "Host: www.mydomain.com" http://0.0.0.0'.$parse_url['path'], $output, $return);
            }
            echo $return;
            exit;
        } else {
            echo "error";
            exit;
        }
    }
    break;
}
```
php
commandinjection
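Added example, not part of the original post: in the `PURGE` branch, `$parse_url['path']` comes from `$_REQUEST['url']` and is concatenated into the string passed to `exec()`, and `parse_url()` does not filter shell metacharacters. The sketch below sends the same BAN/PURGE requests in-process through PHP's cURL extension so that no shell is involved; `purge_cache()`, `safe_purge_path()`, `ALLOWED_HOSTS` and the path allowlist are hypothetical and assume the CMS uses simple ASCII paths.

```php
<?php
// Added example, not the poster's code. Function and constant names are hypothetical.
const ALLOWED_HOSTS = ['en' => 'en.mydomain.com', 'default' => 'www.mydomain.com'];

/** Return the validated path component of $url, or null if it must be rejected. */
function safe_purge_path(string $url): ?string
{
    $path = parse_url($url, PHP_URL_PATH);
    // Assumption: site paths only use these characters; adjust to the CMS's URL scheme.
    // The D modifier stops "$" from matching before a trailing newline.
    if (!is_string($path) || !preg_match('#^/[A-Za-z0-9/_.\-]*$#D', $path)) {
        return null;
    }
    return $path;
}

/** Send the cache request; returns the libcurl error code (0 = success), -1 on a rejected URL. */
function purge_cache(string $language, string $type, string $url): int
{
    // The Host header is chosen from a fixed map, never built from request data.
    $host = ALLOWED_HOSTS[$language] ?? ALLOWED_HOSTS['default'];

    if ($type === 'full') {
        $method = 'BAN';
        $path = '/*';
    } else {
        $method = 'PURGE';
        $path = safe_purge_path($url);
        if ($path === null) {
            return -1;
        }
    }

    // libcurl runs in-process: no shell parses the request, so nothing in
    // $path can be interpreted as a command.
    $ch = curl_init('http://0.0.0.0' . $path);
    curl_setopt_array($ch, [
        CURLOPT_CUSTOMREQUEST  => $method,
        CURLOPT_HTTPHEADER     => ['Host: ' . $host],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
    ]);
    curl_exec($ch);
    return curl_errno($ch);
}
```

If the `curl` binary has to stay, each dynamic argument should at least be passed through `escapeshellarg()` before it is placed in the command string.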
0 Answers