and not hackers.
Sorry, that was a lame joke ☹

Okay, let's find out what makes an application vulnerable to command injection.

It happens when an application builds an operating-system command out of untrusted input (from forms, cookies, headers, etc.) and hands that string to a system shell without neutralizing shell metacharacters.

Now let's see how to perform command injection attacks.
For reference, we will use a code snippet from OWASP (see the Bibliography).

This code executes the command "cat", which prints the contents of a file. Run normally, its output is simply the contents of the file named in the argument. Now an attacker can append a semicolon followed by another command, and because the whole string goes to a shell, that second command is executed as well.

For example, if I append a semicolon and the command ls to the end of that line, the output will be the contents of the file followed by a listing of the current directory. And that's how command injection works ☺

Now we are done with code injection and command injection, so it is time for PoCs and write-ups. As I believe in quality over quantity, I will include only those I found helpful and informative.
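Before moving on to the write-ups, here is an added worked example (my own code, not the post's and not the OWASP snippet itself, which is not reproduced on this page): a cat wrapper in the same style as the one described above, beside a hardened version that runs cat without a shell. The file name Story.txt and the metacharacter list are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable pattern: the user-supplied argument is glued onto "cat " and the
 * resulting string is handed to /bin/sh by system(). */
char *build_cat_command(const char *arg)
{
    const char prefix[] = "cat ";
    size_t len = strlen(prefix) + strlen(arg) + 1;
    char *command = malloc(len);
    if (command == NULL)
        return NULL;
    strcpy(command, prefix);
    strcat(command, arg);        /* "Story.txt; ls" becomes "cat Story.txt; ls" */
    return command;
}

int run_cat_vulnerable(const char *arg)
{
    int status;
    char *command = build_cat_command(arg);
    if (command == NULL)
        return -1;
    status = system(command);    /* the shell sees ';' and runs ls as a second command */
    free(command);
    return status;
}

/* Characters that /bin/sh treats as separators, redirections, globs or
 * substitutions (assumed list). Handy for detection or logging, but the real
 * fix is to stop using a shell, as below. */
int has_shell_metachars(const char *s)
{
    return strpbrk(s, ";|&$`<>()\n\\\"'*?[]{}~") != NULL;
}

/* Hardened version: no shell at all. execvp() receives an argv vector, so
 * "Story.txt; ls" reaches cat as one literal file name and cat simply fails.
 * "--" stops cat from treating an argument beginning with '-' as an option. */
int run_cat_safe(const char *arg)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const child_argv[] = { "cat", "--", (char *)arg, NULL };
        execvp("cat", child_argv);
        _exit(127);              /* only reached if exec itself fails */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        return 2;
    }
    if (has_shell_metachars(argv[1]))
        fprintf(stderr, "warning: argument contains shell metacharacters\n");

    printf("--- vulnerable (system) ---\n");
    fflush(stdout);
    run_cat_vulnerable(argv[1]);

    printf("--- safe (execvp) ---\n");
    fflush(stdout);
    return run_cat_safe(argv[1]);
}
```

Compile it and run `./catwrapper "Story.txt; ls"`: the system() path prints the file (if it exists) and then a directory listing, while the execvp() path only complains that no file called "Story.txt; ls" exists. Passing an argument vector instead of a command string is the fix; filtering metacharacters is a useful extra check, not a substitute.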
Write-ups and PoCs

https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
https://blog.doyensec.com/2017/08/03/electron-framework-security.html
https://sites.google.com/site/testsitehacking/-36k-google-app-engine-rce
https://hackerone.com/reports/135072
http://www.pranav-venkat.com/2016/03/command-injection-which-got-me-6000.html?view=sidebar

So go ahead and read them all. They contain a plethora of information.
Last but not least, we end with tools. Some tools I found helpful are:

Tools

https://github.com/commixproject/commix

Also check out this payload list: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Remote%20commands%20execution

And at last, thank you so much for reading, guys. I hope you liked it. I will meet you next time with more awesome content and stories; till then, have a safe hack.
Bibliography

https://www.owasp.org/index.php/Code_Injection
https://www.owasp.org/index.php/Command_Injection