
CWE-78: Improper Neutralization of Special Elements Used in an OS Command ('OS Command Injection')

  • Published On: October 03, 2018 Updated On: February 14, 2023

Description:

OS command injection is a technique in which an attacker supplies operating system commands through a web interface so that they are executed on the web server. Any web interface that passes user-controlled input to the operating system (typically through a shell) without proper validation or escaping is exposed to this attack. With the ability to execute OS commands, the attacker can upload malicious programs, read configuration files, or obtain passwords. OS command injection is preventable when security is emphasized during the design and development phases of the application.

This attack differs from code injection, where the attacker adds their own code that is then executed by the application itself (for example by its interpreter). In code injection, the attacker extends the default functionality of the application without needing to execute system commands; in OS command injection, the injected input is interpreted by the operating system's shell.
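The description above can be made concrete with a small, self-contained demonstration. This is an added example and not code from the original page: it builds a directory listing command the vulnerable way (string concatenation handed to a shell) and the safe way (an argument vector with no shell), then runs both against the same constructed payload inside a scratch directory. The helper names and the payload are assumptions chosen for the example; the only real command used is `ls`, so it needs a POSIX environment.

```python
import os
import subprocess
import tempfile


def vulnerable_list_dir(base_dir, user_dir):
    """Builds a shell command by string concatenation (the CWE-78 pattern).

    Because the string is handed to /bin/sh, shell metacharacters in user_dir
    such as ';', '|', '&&' or '$(...)' are interpreted by the shell.
    """
    cmd = "ls " + os.path.join(base_dir, user_dir)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True)


def safe_list_dir(base_dir, user_dir):
    """Same operation without a shell: an argv list, one argument per element.

    The untrusted value becomes a single literal argument to ls, so a payload
    like 'reports; echo x > file' is just a (non-existent) directory name.
    The '--' prevents a value starting with '-' from being read as an option.
    """
    return subprocess.run(
        ["ls", "--", os.path.join(base_dir, user_dir)],
        capture_output=True,
        text=True,
    )


def run_demo():
    """Runs both variants against the same injected input in a scratch dir.

    Returns a dict describing what happened, so the behaviour can be checked
    programmatically rather than by reading output.
    """
    with tempfile.TemporaryDirectory() as base_dir:
        os.mkdir(os.path.join(base_dir, "reports"))
        marker = os.path.join(base_dir, "injected.txt")
        # Constructed payload: a legitimate directory name followed by a
        # second shell command that leaves a marker file if it executes.
        payload = "reports; echo pwned > " + marker

        vulnerable_list_dir(base_dir, payload)
        marker_after_vulnerable = os.path.exists(marker)
        if marker_after_vulnerable:
            os.remove(marker)

        safe = safe_list_dir(base_dir, payload)
        marker_after_safe = os.path.exists(marker)

        return {
            "vulnerable_executed_payload": marker_after_vulnerable,
            "safe_executed_payload": marker_after_safe,
            "safe_returncode": safe.returncode,
        }


if __name__ == "__main__":
    print(run_demo())
```

Running it shows the marker file appearing only after the `shell=True` variant: the shell split the concatenated string at `;` and ran the second command. The argv variant simply fails with a non-zero exit status because no directory of that name exists, which is the correct outcome for hostile input.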

Contents:

  • Description
  • Problem Location
  • General Tools Used
  • Mitigations And Conclusion
  • How Briskinfosec Helps You?
  • Curious To Read Our Case Studies?
  • Last But Not The Least

Problem Location:

Common parameter names and injection points include file, location, path, display, load, retrieve, and read. These indicators overlap with path traversal (CWE-22): the same parameters that name files are frequently passed on to system utilities, so a parameter vulnerable to one is worth testing for the other.

  • Manipulating variables that reference files, using dot-dot-slash (../) sequences and their encoded variations, or absolute file paths.

  • It may be possible to access arbitrary files and directories on the file system, including application source code, configuration, and critical system files.

  • Code execution on the web server.

  • Are there request parameters which could be used for file-related operations?

  • Are there interesting variable names?

General Tools Used:

  • OWASP WebScarab
  • OWASP WebGoat
  • Commix
  • Burp suite
  • DotDotPwn
  • Encoding/decoding tools.

Mitigations And Conclusion:

  • Application developers sometimes implement operating system interactions by calling system utilities, for example to create and remove directories. If user input is concatenated un-escaped into such a command, an attacker can make the shell execute arbitrary OS commands. Prefer the platform or language API (a native mkdir call) over a shell, and where a utility must be run, pass its arguments as a list rather than as a single command string.
  • If possible, do not allow file paths to be supplied directly. Hard-code them, or let the client select from a limited hard-coded list via an index variable.
  • If dynamic path concatenation is unavoidable, accept only the characters that are required, such as A-Z, a-z and 0-9. In particular, reject "..", "/" and "\", the null byte (\0, often sent URL-encoded as %00), and any other unexpected character, and apply the check to the decoded value.
  • Restrict the API so that it can only include files from one base directory and the directories below it, verifying the resolved (canonical) path against that base. This ensures that a potential attack cannot perform a directory traversal.
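The four mitigations above fit together as one input-handling path: select from a hard-coded list by index, allowlist the characters of any name that must be dynamic, resolve the final path and confirm it stays under the base directory, and perform the operation through the OS API rather than a shell. The following is an added example that is not part of the original page; the directory names, the hypothetical REPORT_DIRS list and the name-length limit are assumptions made for the example.

```python
import os
import re
import tempfile

# Hypothetical hard-coded list of directories the application may touch.
# The client sends an index into this list, never a path.
REPORT_DIRS = ("daily", "weekly", "monthly")

# Allowlist: only the characters a directory name legitimately needs.
# Everything else ('..', '/', '\\', ';', '|', '$', null byte) fails the match.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def select_report_dir(index):
    """Resolves a client-supplied index to one of the hard-coded names.

    Returns None for anything that is not a valid index, including negative
    numbers, which Python would otherwise accept as list indexes.
    """
    try:
        i = int(index)
    except (TypeError, ValueError):
        return None
    if 0 <= i < len(REPORT_DIRS):
        return REPORT_DIRS[i]
    return None


def is_safe_name(name):
    """True only if the whole value consists of allowlisted characters."""
    return isinstance(name, str) and SAFE_NAME.fullmatch(name) is not None


def resolve_under(base_dir, relative):
    """Joins relative to base_dir and verifies the result stays inside it.

    realpath resolves symlinks and '..' before the check; commonpath compares
    whole path components, so '/srv/data2' is not mistaken for a child of
    '/srv/data' the way a plain startswith() check would.
    """
    if not isinstance(relative, str) or "\x00" in relative:
        return None
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, relative))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def create_report_dir(base_dir, name):
    """Creates a subdirectory through the OS API directly; no shell involved.

    Returns the created path, or None if validation rejected the name.
    """
    if not is_safe_name(name):
        return None
    target = resolve_under(base_dir, name)
    if target is None:
        return None
    os.makedirs(target, exist_ok=True)
    return target


def run_demo():
    """Exercises the helpers in a scratch directory and reports the outcome."""
    with tempfile.TemporaryDirectory() as base_dir:
        real_base = os.path.realpath(base_dir)
        created = create_report_dir(base_dir, select_report_dir("0"))
        traversal = create_report_dir(base_dir, "../escaped")
        metachar = create_report_dir(base_dir, "daily;rm -rf /")
        return {
            "created_inside_base": created is not None
            and os.path.commonpath([real_base, created]) == real_base,
            "traversal_rejected": traversal is None,
            "metachar_rejected": metachar is None,
            "escaped_dir_exists": os.path.isdir(
                os.path.join(base_dir, os.pardir, "escaped")
            ),
        }


if __name__ == "__main__":
    print(run_demo())
```

The character allowlist and the canonical-path check are deliberately both present: the allowlist rejects traversal and shell metacharacters early and cheaply, while `resolve_under` defends the case where a later code change starts accepting multi-component paths. Apply the allowlist after URL decoding, otherwise `%2e%2e%2f` passes the check and is decoded afterwards.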

How Briskinfosec Helps You?

Briskinfosec intensely assesses the attack surfaces of your organization. Our security professionals provide thorough website security assessments, and we harden your server's security defences to ensure your servers are resilient.

Curious To Read Our Case Studies?

We have a huge collection of case studies for significant security sectors like mobile, network, web-based, database, wireless, and much more. Read our case studies to learn how we prospered during the challenge of eradicating vulnerabilities.

Last But Not The Least:

Many global cyber breach incidents go unnoticed, because they are reported on obscure websites rather than being available to read and download from one place in a single click. We present you a priceless gift in the form of our Threatsploit Adversary report, which collects the cyber breaches that occurred globally, the losses faced by companies, and much more. Instead of wandering through search engines, just open the report above. You'll save your time and feel sublime!
