Executing Shell Commands

Web-application developers with enough years of experience cringe at the thought of passing the value of a URI parameter into a shell command. Modern Web applications erect strong bulwarks between the application's process and the underlying operating system. Shell commands by their nature subvert that separation. At first, it may seem strange to discuss these attacks in a chapter about server misconfigurations and predictable pages. In fact, a secure server configuration can mitigate the risk of shell command exploits regardless of whether the payload's entry point was part of the Web application or merely one component of a greater hack.
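The pattern this section warns about, next to a hardened form, as an added example that is not from the book. The `host` parameter, the function names and the `echo lookup` command (a stand-in for a real external tool) are assumptions, and a POSIX `/bin/sh` is assumed.

```python
import re
import subprocess
from urllib.parse import parse_qs, urlsplit

# Constructed requests: in BAD_URL the "host" value carries a shell metacharacter (%3B is ';').
BAD_URL = "http://app.example/lookup?host=example.com%3B%20echo%20INJECTED"
GOOD_URL = "http://app.example/lookup?host=example.com"

# Allowlist: letters, digits, dots, hyphens; the leading alphanumeric blocks option-style values.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def host_param(url):
    """Return the URL-decoded value of the hypothetical 'host' parameter."""
    return parse_qs(urlsplit(url).query).get("host", [""])[0]


def lookup_unsafe(url):
    """Before: the value is pasted into a string that /bin/sh parses."""
    cmd = "echo lookup " + host_param(url)  # 'echo lookup' stands in for a real tool
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(host):
    """No shell: the value reaches the program as a single argv element."""
    return subprocess.run(["echo", "lookup", host], capture_output=True, text=True).stdout


def lookup_safe(url):
    """After: validate against the allowlist, then run without a shell."""
    host = host_param(url)
    if not HOST_RE.fullmatch(host):
        raise ValueError("rejected host parameter")
    return run_argv(host)


if __name__ == "__main__":
    print(repr(lookup_unsafe(BAD_URL)))          # the shell runs a second command
    print(repr(run_argv(host_param(BAD_URL))))   # metacharacters stay literal data
    print(repr(lookup_safe(GOOD_URL)))
```

Running the application process under an unprivileged account, as the server-configuration point above suggests, limits what the unsafe form can reach if it ships anyway.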

In the nascent Web-application environment of 1996, it was not uncommon for ...

Get Seven Deadliest Web Application Attacks now with the O’Reilly learning platform.
