Java command injection example
/*
 * Assumes the user has a folder "Important" at C:/Important.
 * The folder holds confidential data.
 * This example demonstrates a command injection attack.
 */
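/**
 * Demonstrates the command-injection pattern: one string is handed to the Windows
 * command interpreter, which treats {@code &&} as a command separator, so a single
 * "command" can carry several.
 */
public class CommandInjectionExample {

    public static void main(String[] args) {
        evalScript();
    }

    /**
     * Executes a command line through {@code Runtime.exec(String)}.
     *
     * <p>The command is hard-coded here. The same call fed from user or file input is
     * what makes the pattern injectable: whoever controls the text controls every
     * command that {@code cmd.exe} chains from it.
     *
     * <p>Mitigation for real code: do not route input through a shell. Build the process
     * with {@code ProcessBuilder} from a fixed executable and discrete arguments, and
     * check any externally supplied value against an allow-list first.
     */
    private static void evalScript() {
        // cmd.exe runs four chained commands from this one string:
        // cd, dir, DEL /Q * (deletes every file in the folder without prompting), dir.
        String script = "cmd /c start cmd.exe /K \"cd c:/Important && dir && DEL /Q * && dir\"";
        // Always true for the literal above; kept for the case where the text comes from outside.
        if (script != null) {
            try {
                // Runtime.exec(String) splits on whitespace and ignores quoting; cmd.exe
                // re-parses the reassembled line, which is where && takes effect.
                // The child process is not waited on and its output is not read.
                Runtime.getRuntime().exec(script);
            } catch (java.io.IOException e) {
                // Fully qualified: the listing has no import for IOException, so the
                // short name does not resolve.
                e.printStackTrace();
            }
        }
    }
}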