Prevention Of OS Command Injection
This document explains what OS Command Injection is and how it works. It also lists common parameters that can be used to test for Command Injection and provides examples of how to exploit it. The document also covers Blind OS Command Injection and ways of injecting OS Commands.
OS Command Injection allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, which can lead to full compromise of the application and all of its data.
Most common parameters that can be considered while testing for Command Injection:
cmd, exec, command, execute, ping, query, jump, code, reg, do, func, arg, option, load, process, step, read, function, req, feature, exe, module, payload, run, print
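The following is an added example, not code from the original page, showing the prevention side of the issue described above for a "ping" feature that takes a host from the user (the parameter names, regexes and helper functions are assumptions for illustration). The vulnerable form concatenates the user value into a shell command string; the hardened form validates the value against a strict allowlist and passes it to the OS as an argv list with no shell in between, so shell metacharacters in the input can never start a second command.

```python
"""Vulnerable vs. hardened handling of a user-supplied host for a "ping" feature.

Hypothetical example code: the regexes and helper names are assumptions for
illustration and do not come from any particular framework.
"""
import re
import subprocess
from typing import List

# Strict allowlist: RFC 1123-style hostnames or dotted-quad IPv4 addresses.
# Anything else, including shell metacharacters, spaces and a leading '-',
# is rejected outright (a leading '-' could otherwise be parsed as an option).
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)
_IPV4_RE = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$"
)


def is_safe_host(host: str) -> bool:
    """Return True only if the whole value matches the allowlist."""
    return bool(_HOSTNAME_RE.match(host) or _IPV4_RE.match(host))


def vulnerable_ping_command(host: str) -> str:
    """The anti-pattern: untrusted input concatenated into a shell command string.

    Returned as a string for inspection only. Passing such a string to
    subprocess.run(..., shell=True) lets the shell interpret anything the
    user appended after the host.
    """
    return "ping -c 1 " + host


def build_ping_argv(host: str) -> List[str]:
    """Hardened form: validate against the allowlist, then build an argv list.

    With an argv list and shell=False the arguments reach the ping binary
    directly; no shell parses them, so metacharacters cannot inject a command.
    """
    if not is_safe_host(host):
        raise ValueError("rejected host value: not a hostname or IPv4 address")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> int:
    """Validate, then execute without a shell. Returns ping's exit status."""
    argv = build_ping_argv(host)
    result = subprocess.run(argv, shell=False, capture_output=True, timeout=10, check=False)
    return result.returncode


if __name__ == "__main__":
    # Constructed inputs: one legitimate host, one carrying a shell metacharacter.
    for candidate in ("example.com", "example.com; injected"):
        try:
            print(candidate, "->", build_ping_argv(candidate))
        except ValueError as exc:
            print(candidate, "->", exc)
```

The validation step and the argv list are two independent layers: even if the allowlist were loosened later, `shell=False` alone already prevents the shell from seeing the value, and even if a shell were unavoidable, the allowlist would still block metacharacters. Keeping both is the usual recommendation.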
Attackers identify a critical vulnerability in an application.
The attacker alters dynamically generated content on a web page using HTML code, supplied through an input mechanism such as a form field or a cookie.

Once the code is inserted into the affected web page, browsers interpret the code.
This allows the attackers to execute specific commands on users' computers, along with the users' networks and the infected system's network.