Command Injection


Description

The application is vulnerable to command injection attacks. The application uses user-supplied data to construct commands for the backend operating system. An attacker can submit input that changes the structure of command statements and effectively bypasses application logic. Once the attacker can control the application’s operating system command syntax, they can send commands directly to the operating system with the same privileges as the application.
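The pattern described above, shown beside a hardened form, as an added example that is not part of the original page. The function names, the `ping` command line and the sample inputs are assumptions constructed for illustration; nothing is executed, the code only shows how the shell would split the resulting string.

```python
import ipaddress
import re
import shlex

# Constructed allowlist: letters, digits, dots, hyphens; starts and ends alphanumeric.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

def build_vulnerable(host):
    """Vulnerable pattern: user data concatenated into a string meant for a shell."""
    return "ping -c 1 " + host

def shell_commands(cmdline):
    """Approximate how a POSIX shell splits a line into separate commands.
    Models only the ; & | control operators; it is not a full shell parser."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for tok in lexer:
        if tok and set(tok) <= set(";&|"):  # control operator ends a command
            commands.append(current)
            current = []
        else:
            current.append(tok)
    commands.append(current)
    return [c for c in commands if c]

def build_safe(host):
    """Hardened pattern: validate against an allowlist, return an argv list.
    The list goes to subprocess.run(argv) without shell=True, so the host
    value is one argument and is never parsed as command syntax."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        if not HOSTNAME_RE.fullmatch(host):
            raise ValueError("rejected host value: %r" % host) from None
    return ["ping", "-c", "1", host]

if __name__ == "__main__":
    for sample in ("127.0.0.1", "127.0.0.1; echo INJECTED"):  # constructed inputs
        print(repr(sample), "->", shell_commands(build_vulnerable(sample)))
        try:
            print("  safe argv:", build_safe(sample))
        except ValueError as exc:
            print("  safe builder:", exc)
```

With the second constructed input, the concatenated string parses as two commands instead of one, which is the change in command structure the description refers to; the hardened builder rejects that input before any command is formed.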

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References
