June 2017
Intermediate to advanced
338 pages
8h 28m
English
Command injection, on the other hand, does not look to inject code, reflect back to hosts, and alter the application's behavior. Command injection finds a window through an injectable command used in normal operation of the application that gives us some visibility or reach into the back end Web or Application Tier servers. The objective is to inject additional commands into the variable strings to run local commands on the host operating system, such as a copy command, reconfiguration of an interface, or worst case scenarios such as fdisk. This is not your typical fun-loving hijinks – this is cruel stuff. A great discussion of this occurs in the OWASP OTG (https://www.owasp.org/index.php/Command_Injection ...
Read now
Unlock full access