/Code Review/Command Injection Filter Bypass

Command Injection Filter Bypass

Bypassing weak command injection filters using encoding and alternative syntax.

CRITICALHard

Vulnerable Codepython

1import subprocess
2
3def run_diagnostic(target):
4    # "Security" filter - block dangerous characters
5    blocked = [';', '|', '&', '$', '`', '>', '<']
6    for char in blocked:
7        if char in target:
8            return "Invalid input"
9    
10    cmd = f"ping -c 1 {target}"
11    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
12    return result.stdout

Understanding the Issue

Blocklist filters are easily bypassed. Newlines, tabs, and encoded characters can inject commands. Always use allowlist validation and avoid shell=True.

Newline Injection

Bypass blocklist using newline character

Malicious Input

target = "8.8.8.8\nwhoami"
target = "8.8.8.8%0aid"  # URL encoded newline

Impact

Executes ping then whoami/id command

Technical Details

Vulnerability Type: OS Command Injection (Filter Bypass)
Severity: CRITICAL
Language: Python
CWE: CWE-78
OWASP: A03:2021 - Injection

Command Injection Filter Bypass

Understanding the Issue

How Attackers Exploit This

Newline Injection

Finding the Vulnerability(3 hints)

Technical Details

Command Injection Filter Bypass

Understanding the Issue

How Attackers Exploit This

Newline Injection

Finding the Vulnerability(3 hints)

Technical Details