wangwei
/
bugtest001
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: dc5ef56004
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'dc5ef56004'
${ noResults }
bugtest001/Command_Injection/Command_Injection.java

57 lines
1.1 kB
Raw Blame History 

  1. package Command_Injection;

  2. import java.io.IOException;

  3. import java.util.logging.Logger;

  4. 

  5. public class Command_Injection

  6. {

  7. 	static final Logger log = Logger.getLogger("local-logger");

  8. 	

  9.     public Process bad()

  10.     {

  11.     	String data = System.getProperty("ADD");

  12. 

  13.         String osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";

  14.         

  15.         Process p = null;

  16. 		try {

  17. 			p = Runtime.getRuntime().exec(osCommand + data);  // bad  命令注入

  18. 		} catch (IOException e) {

  19. 			log.info("IOException");

  20. 		}

  21. 		return p;

  22.     }

  23. 

  24.     

  25.     public Process good()

  26.     {

  27.         String data = System.getProperty("ADD"); 

  28. 

  29.         String osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";

  30. 

  31.         data = SafeCheck(data);

  32.         

  33.         Process p = null;

  34.         

  35.         if(!data.equals("bad")){

  36.         	 

  37. 			try {

  38. 				p = Runtime.getRuntime().exec(osCommand + data);  // good  命令注入

  39. 			} catch (IOException e) {

  40. 				log.info("IOException");

  41. 			} 

  42.         }

  43.         return p;

  44. 

  45.     }

  46.     

  47.     public String SafeCheck(String input){

  48.     	if("good".equals(input)){

  49.     		return "foo";

  50.     	}else{

  51.     		return "bad";

  52.     	}

  53.     }

  54.     

  55. }