Security Hub

Bring your software development workflows to security

icon-shelli

Shell injection

Signals & Triggers

On shell command execution
If user inputs are matched in the command

Actions

  • prevent command execution prevent command execution
  • block incoming http request block incoming http request
  • Send a slack notification Send a Slack notification
  • Send an email notification Send an email notification
  • POST to webhook
  • Log request stack trace

Details

When an application relies on shell commands to perform transactions, it can lead to critical vulnerabilities, giving an attacker a way to access the underlying OS.

Let’s take a simple example: ls -l $directory_name. Assuming directory_name comes from the user input. Sending .; cat /etc/passwd will result in: ls .; cat /etc/passwd. The attacker just managed to extract highly sensitive server data through a simple injection.

Sqreen can detect and block HTTP requests vulnerable to shell injections, without false positive by acting in-app.

Advanced details

On every shell execution triggered by an HTTP request, Sqreen parses locally the shellcode about to be executed. It will look for non-sanitized commands - ls, touch, cat, rm, … - coming from user inputs that inject executable commands. They would allow attackers to perform arbitrary operations on the server.

No traffic redirection is performed. The analysis of the script happens inside the application thanks to Sqreen’s dynamic instrumentation of the system libraries.

By being in-app and running just before the Shell script is sent to the OS - the very last step in your app - we can guarantee zero false positives in the detection and protection of shell injections.

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

Signals

No data collected


On attack
  • Request payload
  • Attacker IP
  • Attacker account (Sqreen SDK)
  • Stack trace

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

  • Node.js
  • Ruby
  • PHP
  • Python
  • Java
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

$ npm install --save sqreen

$ echo '{ "token": "your token" }' > sqreen.json

 

// This should be the first line of your app

require('sqreen');

$ echo "gem 'sqreen'" >> Gemfile

$ bundle install

$ echo "token: your token" >> config/sqreen.yml

$ curl -s https://8dc0b36f0ea6f2f21b721765e10a7e02768cd1825b4551f4:@packagecloud.io/install/repositories/sqreen/sqreen/script.deb.sh | bash

$ apt-get install --no-install-recommends sqreen-agent sqreen-php-extension

$ /usr/lib/sqreen/sqreen-installer config {your token}

$ pip install sqreen

$ echo -e '[sqreen]\ntoken: your token' >> sqreen.ini

 

# Insert at the top of your app file (typically wsgi.py or app.py)

import sqreen

sqreen.start()

$ curl https://download.sqreen.io/java/sqreen-latest-all.jar -o sqreen-latest-all.jar

 

// Next, edit the JVM startup file:

-javaagent:/path/to/sqreen-agent.jar -Dsqreen.token={{your token}}

Build amazing products. Keep them safe.

3 min installation · Try all features for 7 days · No credit card required Get started Request demo