How to prevent users from executing commands through browser URL?
It's a command injection attack, in which:
the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
There are many strategies to mitigate or avoid this kind of attack, such as:
- Do not “exec” out to the Operating System if it can be avoided.
- Validate untrusted inputs (character set, minimum and maximum length, match to a regular expression pattern...).
- Neutralize meta-characters that have meaning in the target OS command-line.
- Implement “Least Privilege”
You can find some here and have a look at this cheatsheet from OWASP for further details.
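The first three mitigations in the list above, sketched in Python as an added example (not code from the original answer): the same request handled by a shell string, by an argument vector with no shell, and by an argument vector plus allowlist validation. The function names, the hostname parameter and the stand-in tool are hypothetical, and the payload is a constructed, harmless one.

```python
import re
import subprocess
import sys

# Hypothetical stand-in for the external program the web application calls.
TOOL = [sys.executable, "-c", "import sys; print('lookup', sys.argv[1])"]

# Allowlist: letters, digits, dots and hyphens; must start and end alphanumeric,
# so a value can never begin with '-' and be parsed as an option by the tool.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Constructed sample of an untrusted request parameter.
PAYLOAD = "example.com; echo INJECTED"


def lookup_vulnerable(host: str) -> str:
    """BEFORE: input concatenated into a string that /bin/sh parses."""
    proc = subprocess.run("echo lookup " + host, shell=True,
                          capture_output=True, text=True, timeout=5)
    return proc.stdout


def run_tool(host: str) -> str:
    """No shell: the value travels as one argv element, so ';' stays literal."""
    proc = subprocess.run(TOOL + [host], shell=False,
                          capture_output=True, text=True, timeout=5)
    return proc.stdout


def validate_host(host: str) -> str:
    """Length check first, then a full match against the allowlist pattern."""
    if not 1 <= len(host) <= 253:
        raise ValueError("hostname length out of range")
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("hostname contains characters outside the allowlist")
    return host


def lookup_hardened(host: str) -> str:
    """AFTER: validate the input, then execute without a shell."""
    return run_tool(validate_host(host))


if __name__ == "__main__":
    print(repr(lookup_vulnerable(PAYLOAD)))  # the shell ran a second command
    print(repr(run_tool(PAYLOAD)))           # payload treated as plain data
    try:
        lookup_hardened(PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

Skipping the shell removes the metacharacter problem at its source, while the allowlist still matters because the called program may interpret its own arguments.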
As stated before, it's a command injection attack that attempts to download a .sh script, grant it permissions to run and then execute it. The script in this case is a bitcoin miner.
The recommendations in the OWASP guide that Soufiane mentioned should be followed to ensure your web application is secure, but for an extra layer of security, a Web Application Firewall can be used, which will block requests like these before they reach your server process.