Web application security - the fast guide 1.1 | Page 141

Chapter 7 - Attack execution (3)
P a g e | 141
A similar example can be applied using ASP.NET as illustrated in the following
listing
string dirName = “C:\\filestore\\” + Directory.Text;
ProcessStartInfo psInfo = new ProcessStartInfo(“cmd”, “/c dir “ +
dirName);
...
Process proc = Process.Start(psInfo);
simply by using the ampersand character (&) attacker can write any command
and execute it because (&) is used to batch multiple commands.
You can also understand how to use PHP commands like (exec) and (eval) to
execute a malicious command by using semicolon (;).
7.2 Attack File system
Normally attacking file system can use two main methods, the inclusion method
and the path traversal method the general purpose is enable accessing a
restricted resource or to inject and execute a server side malicious code.
7.3 Inclusion method
Attack requirement:
No white list validation for the parameter value