DEVHIDE
Login Or Sign up

Is my code vulnerable to Command Injection?

166 Views Asked by At

I am creating a CMS but I do not know how to write the code to get saved from Command Injection. Let me know if there is a RCE vulnerability in my code.

case 'clearcache':
    global $selected_language;
    $url= $_REQUEST['url'];
    $type = $_REQUEST['type'];
    
    if($type && $type == 'full') {
        if($selected_language == 'en'){
            exec('curl -X BAN -H "Host: en.mydomain.com" http://0.0.0.0/*',$output,$return);
        }else{
            exec('curl -X BAN -H "Host: www.mydomain.com" http://0.0.0.0/*',$output,$return);
        }
        echo $return;
        exit;
    }else{
        $parse_url=parse_url($url);
        //echo $parse_url['path'];
        if(isset($parse_url['path'])){
            if($selected_language == 'en'){
                exec('curl -X PURGE -H "Host: en.mydomain.com" http://0.0.0.0'.$parse_url['path'],$output,$return);
            }else{
                exec('curl -X PURGE -H "Host: www.mydomain.com" http://0.0.0.0'.$parse_url['path'],$output,$return);
            }
            echo $return;
            exit;
        }else{
            echo "error";
            exit;
        }
    }       
    break;
}
php commandinjection
Original Q&A
0

There are 0 best solutions below

Related Questions in PHP

Related Questions in COMMANDINJECTION

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.