June 2018
Intermediate to advanced
294 pages
7h 5m
English
Command Injection is very simple, you just exploit it by executing commands on a web page because it allows you to do so. In other words, if you ever see a page that offers the functionality of executing a command in the backend, then it's probably vulnerable to this attack. Command Injection is very popular in Capture the Flag (CTF) because it allows you to completely own a remote machine (the machine that hosts the web application).
As usual, let's see a practical example using Mutillidae. Open the left menu OWASP 2017 | Injection | Command Injection | DNS Lookup:

This page executes the DNS Lookup command in the backend. ...
Read now
Unlock full access