Testing for command injection
Source: OWASP Web Security Testing Guide 4.2 > 7. Data Validation Testing > 7.12. Testing for Command Injection
| ID | Link to Hackinglife | Link to OWASP | Description |
|---|---|---|---|
| 7.12 | WSTG-INPV-12 | Testing for Command Injection | Identify and assess the command injection points with special characters (i.e. `\|` `;` `&` `$` `>` `<` `'` `!`). For example: `?doc=Doc1.pdf+\|+Dir c:` |
Command injection vulnerabilities in the context of web application penetration testing occur when an attacker can manipulate the input fields of a web application in a way that allows them to execute arbitrary operating system commands on the underlying server. This type of vulnerability is a serious security risk because it can lead to unauthorized access, data theft, and full compromise of the web server.
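As an added illustration (my own code, not from the OWASP guide), the snippet below puts the vulnerable pattern next to a hardened handler for the `?doc=` example above and a small detector for the metacharacters listed in WSTG-INPV-12. `DOC_ROOT`, `VIEWER` and the function names are assumptions made for the example.

```python
import os
import re
import subprocess

# Metacharacters listed in WSTG-INPV-12: each one lets a shell treat the rest
# of the input as a new command, redirection or expansion instead of an argument.
SHELL_METACHARS = set("|;&$><'!")
# Hypothetical document root and viewer tool (assumptions, not from the page).
DOC_ROOT = "/srv/docs"
VIEWER = "pdfinfo"
# Allowlist: one plain filename, no leading dot, no separators or shell characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def vulnerable_command(doc: str) -> str:
    """The anti-pattern: user input spliced into a shell string.
    Returned rather than executed so the effect of ?doc=Doc1.pdf+|+Dir c: is visible."""
    return f"{VIEWER} {DOC_ROOT}/{doc}"  # typically handed to os.system() or shell=True


def find_shell_metacharacters(value: str) -> set:
    """Detection: which WSTG metacharacters appear in a parameter value (for logs / WAF rules)."""
    return {c for c in value if c in SHELL_METACHARS}


def safe_argv(doc: str) -> list:
    """Hardened: allowlist the filename, pin it under DOC_ROOT, never involve a shell."""
    if not SAFE_NAME.fullmatch(doc):
        raise ValueError(f"rejected document name: {doc!r}")
    path = os.path.normpath(os.path.join(DOC_ROOT, doc))
    if os.path.dirname(path) != DOC_ROOT:  # defeats ../ even if the regex is loosened later
        raise ValueError("path escapes document root")
    return [VIEWER, path]


def open_doc(doc: str) -> subprocess.CompletedProcess:
    # argv list with shell=False: the input is exactly one argument, metacharacters are inert.
    return subprocess.run(safe_argv(doc), shell=False, capture_output=True, text=True, timeout=10)


if __name__ == "__main__":
    payload = "Doc1.pdf | Dir c:"  # constructed: the WSTG probe value, URL-decoded
    print(vulnerable_command(payload))  # pdfinfo /srv/docs/Doc1.pdf | Dir c:
    print(find_shell_metacharacters(payload))  # {'|'}
    print(safe_argv("Doc1.pdf"))  # ['pdfinfo', '/srv/docs/Doc1.pdf']
    try:
        safe_argv(payload)
    except ValueError as e:
        print("blocked:", e)
```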
See my notes on Command injection
Last update: 2025-01-26 Created: December 26, 2023 19:00:18