how to avoid calling OS commands asp.net? [closed]

0 投票
最新提问 用户: (120 分)

I am developing VULNERABLE web application project and I want to block to shell commands in asp.net

you can see VULNERABLE web app on link.

my source code

https://packetstormsecurity.com/files/60858/aspxshell.aspx.txt.html

small my code

Process p = new Process();
        p.StartInfo.CreateNoWindow = true;
        p.StartInfo.FileName = "cmd.exe";
        p.StartInfo.Arguments = "/c " + txtCmdIn.Text;
        p.StartInfo.UseShellExecute = false;
        p.StartInfo.RedirectStandardOutput = true;
        p.StartInfo.RedirectStandardError = true;
        p.StartInfo.WorkingDirectory = dir;
        p.Start();

        lblCmdOut.Text = p.StandardOutput.ReadToEnd() + p.StandardError.ReadToEnd();
        txtCmdIn.Text = "";

I don't want my webpage send to command to cmd ? How to avoid that? it's possible?

enter image description here

how to avoid calling OS commands asp.net? How can I control that ?

发表于 用户: (100 分)
"I don't want my webpage send to command to cmd ?" Then don´t implement this. I don´t understand your question. Your executing the console but want to avoid executing it?
发表于 用户: (100 分)
If you want to execute some shell commands, but not others, you'll need to write some parsing to filter and only allow certain things. Or, better yet, provide a list of commands people can run, and let them provide the parameters. However, I'm sure someone could still get around things (similar to an SQL Injection attack).
发表于 用户: (120 分)
yeah you are right . I gonna explain what I am doing. My project have to be VULNERABLE web application and also how can I avoid that ?my teacher want to VULNERABLE web application on University.
发表于 用户: (120 分)
I need some filter . thank you for helping.

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。
...