In PHP, there is a function eval(), which is used to evaluate a string as PHP code. For example,

<?php
$to = 'Adam';
$from = 'Bob';
$string = 'Hi $to, it is $from here.';   // single quotes: $to and $from are not interpolated yet
echo $string . "\n";
// eval() builds and runs the statement:  $string = "Hi $to, it is $from here.";
eval("\$string = \"$string\";");
echo $string . "\n";
?>

In the above piece of code, $to and $from will be replaced by 'Adam' and 'Bob' inside the eval() function. So, the output will be:

Hi $to, it is $from here.
Hi Adam, it is Bob here.
A Dynamic Code Evaluation attack is an attack in which all or part of the input string of eval() is maliciously controlled by the attacker.

For example, let's consider this piece of code:

<?php
$name = 'Adam';
$string = $_GET['arg'];          // untrusted input taken straight from the request
eval("\$name = \"$string\";");   // the input becomes part of the PHP source that is executed
?>

Here, $string is an input taken from the user, and its value is then assigned to $name. But suppose an attacker gives the input 'noname ; system("ls")'. Then $string will be assigned 'noname; system("ls")', and inside the eval() function 'ls' will get called, revealing the list of files in the directory. The attacker may even update, delete or read sensitive files on the server using this vulnerability. And this is how a Dynamic Code Evaluation attack is perpetrated.
How to prevent a Dynamic Code Evaluation attack?
Avoid the use of eval() as far as possible; its use is generally discouraged. Try to implement the functionality with some other function.

But if you think you must use eval(), then make sure user-provided inputs are never used directly as the input of eval(). Instead, process the input string carefully, discard suspicious characters, and only then use it.
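Both snippets from the post rewritten along these lines, as an added example that is not part of the original post: the greeting is rendered with strtr() instead of eval(), and the request parameter is validated against an allowlist (the function names, the placeholder syntax and the allowlist pattern are this example's own choices, not the post's).

```php
<?php
// Added example (not from the original post): the templating that the post
// does with eval(), rewritten so that user input is never executed as code.

// Replacement for the post's first snippet: substitute placeholders with
// strtr() instead of building PHP source and passing it to eval().
function renderGreeting(string $template, array $vars): string
{
    // Only placeholders present in $vars are replaced; everything else in the
    // template, including text that looks like PHP code, stays literal text.
    // Note: strtr() matches by prefix, so '$to' would also match '$tomorrow';
    // keep placeholder names distinct.
    $map = [];
    foreach ($vars as $name => $value) {
        $map['$' . $name] = (string) $value;
    }
    return strtr($template, $map);
}

// Replacement for the post's second snippet: the request parameter is checked
// against an allowlist (assumed here: letters, digits, space, hyphen, 1 to 40
// characters) and rejected outright if it contains anything else. It is never
// passed to eval(), so there is no PHP source for the input to alter.
function readName(array $query): string
{
    $arg = $query['arg'] ?? '';
    if (!preg_match('/^[A-Za-z0-9 -]{1,40}$/', $arg)) {
        throw new InvalidArgumentException('invalid name');
    }
    return $arg;
}

// Constructed sample inputs, including the attack string from the post.
echo renderGreeting('Hi $to, it is $from here.', ['to' => 'Adam', 'from' => 'Bob']), "\n";

// With strtr() the attack string is just text inside the greeting; nothing runs.
echo renderGreeting('Hi $to, it is $from here.', ['to' => 'noname; system("ls")', 'from' => 'Bob']), "\n";

foreach ([['arg' => 'Adam'], ['arg' => 'noname ; system("ls")']] as $query) {
    try {
        echo 'accepted: ', readName($query), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The second call to readName() fails the allowlist check because of the quote, semicolon and parentheses, which is the intended outcome: reject the input rather than try to clean it.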
So, be aware of all such security vulnerabilities and stay safe, stay secure.