Page tree
Skip to end of metadata
Go to start of metadata

Security Assessment

Risk Probability Impact
9.6 3.9 5.9
CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/CR:M/IR:M/AR:M/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H

Vulnerability Information

A command injection vulnerability allows an attacker to execute arbitrary system commands, which can result in a entire takeover of the webserver. Command injection attacks are possible if a web application passes untrusted user input directly to functions like exec() or system().

Table of Contents

Further Reading

Testing for local file inclusion

Testing for Remote File Inclusion

Guides

A command injection vulnerability exists when user supplied input is not validated correctly by the web application. The following snippet shows PHP code which is vulnerable to command injection.

Command injection vulnerability
<?php
$ip = $_POST['ip'];
$cmd = system('ping '.$ip);

echo $cmd

?>

In the case of the vulnerable code above, the attacker could escape the ping command by adding a semicolon to the command and executing arbitrary other system commands. Example input: ; cat /etc/passwd 

In order to secure your web application from command injection, validate the users input and only allow commands that are needed for the task. You can also sanitizise the users input by removing characters like ; and other shell escapes like &, &&, |, ||, <.


Contribute

You are facing an issue that is not covered in our guides, we are happy to include solutions here. Please send us an e-mail to support@crashtest-security.com.

Crashtest Security

Crashtest Security is a Munich, Germany based start-up that redefines web application vulnerability scans.  The Crashtest Security Suite is differentiating itself as a fully automated vulnerability scanner enhanced with artificial intelligence developed for the needs of the agile developer or SecDevOps. Clear vulnerability insights are provided as well as contextual actionable insights for risk mitigation. 



For more information visit https://crashtest-security.com

  • No labels