Skip to content
/ os-command-injection Public

A threat actor may inject arbitrary operating system (OS) commands on target

License

AGPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qeeqbox/os-command-injection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
os-command-injection.drawio
os-command-injection.drawio
 
 
os-command-injection.png
os-command-injection.png
 
 

Repository files navigation

A threat actor may inject arbitrary operating system (OS) commands on target

Example #1

  1. Threat actor crafts a malicious request to a vulnerable target
  2. The target process the malicious request and returns the result

Code

Target-Logic

$result = exec("ping -c4 ".$_GET["ip"]);
echo($result)

Target-In

x 2>/dev/null || whoami

Target-Out

root

Impact

High

Names

  • Command Injection

Risk

  • Read & write data
  • Command execution

Redemption

  • Input validation

ID

154d5db5-9614-42f9-9898-3355a7b7848f

References

About

A threat actor may inject arbitrary operating system (OS) commands on target

Topics

command os injection vulnerability os-command-injection qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors