Security Journey

<i>The command injection vulnerability has not been fixed in the create file function.</i>

Please review the Defense section of the lesson and try again. Remember that using regular expressions to filter out dangerous OS injection syntax is hard to do correctly and not recommended.

Instead, reference the given code examples to replace the vulnerable code with safer functions that are specifically designed to create files rather than execute arbitrary shell commands.

You can test if your patch works correctly by reattempting the Blind Injection exploit and entering <code>test1; ping -i 1 -c 15 127.0.0.1</code> as the filename. If your patch works as expected, you should see multiple files created: <code>test1;</code>, <code>ping</code>, <code>-i</code>, etc.

Add File Vulnerability Not Fixed (Command Injection Lesson)

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Issue:

Test: