Web applications attacks/Command injection

From aldeid

Jump to navigation Jump to search

Description

INCOMPLETE SECTION OR ARTICLE

This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Examples

WebGoat Command Injection lesson will teach you how to inject commands (netstat and ifconfig) through a non-purified text field and get the results.
Get a shell from a command injection vulnerability

Protection

Control and purify data that are sent from the browser on server-side.
Enforce coding standards: Use prepared statements and stored procedures to avoid SQL injections
Use mysql_real_escape_string() function.
Use white lists input validation

Tools

Puzlbox

Comments

Retrieved from "https://www.aldeid.com/w/index.php?title=Web_applications_attacks/Command_injection&oldid=35610"

Penetration-testing/Injections-and-inclusions/Command-injection

Share your opinion