OS Command Injection
What is OS Command Injection?
OS command injection, also known as shell injection, is a vulnerability that lets an attacker execute arbitrary operating system (OS) commands on the server running an application, typically compromising the application and all of its data. Because the injected commands run with the privileges of the application process, an attacker can often use the vulnerability to compromise other parts of the hosting infrastructure and exploit trust relationships to pivot to other systems within the organization.
Types of OS Command Injection
Regular
The output of the injected command is returned in the server's response, so the attacker can read it directly (for example, by appending `; id` to a parameter and looking for the `uid=` line in the page).
Blind
The output of the injected command is not returned in the response, so the attacker cannot see directly that it ran. To confirm the vulnerability they rely on side effects instead, most commonly a time delay (e.g. injecting `sleep 10` and measuring whether the response arrives noticeably later) or an out-of-band request to a server they control.
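The two variants above, regular and blind, differ only in what the attacker gets back, so the same code demonstrates both. The following is an added example and not code from the page or from PortSwigger: a hostname lookup handler written as the vulnerable string-concatenation version, a version that avoids the shell, and a hardened version with allow-list validation, plus the two probes an attacker (or a tester) would use to confirm each variant. The command being wrapped is `echo`, standing in for something like `nslookup` or `ping`, and the hostname pattern, marker payloads and function names are all constructed for this demonstration.

```python
"""Added example (not from the page): an OS command injection bug written
three ways, plus the probes used to confirm the regular and blind variants.

Assumptions: `echo` stands in for a real command such as `nslookup`; the
hostname allow-list and the payloads below are constructed for this demo.
Runs on any POSIX system where /bin/sh supports $(( )) arithmetic.
"""
import re
import subprocess
import time

# Constructed allow-list for a hostname: letters, digits, dot and hyphen only.
# Shell metacharacters (; | & ` $ ( ) newline) cannot pass this check.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def vulnerable_lookup(host: str) -> str:
    """Regular (visible) injection: command output is returned to the caller."""
    # Concatenating user input into a string that the shell parses is the bug:
    # "example.com; id" becomes two commands.
    cmd = "echo resolving " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def vulnerable_lookup_blind(host: str) -> bool:
    """Blind injection: same bug, but the caller only learns success/failure."""
    cmd = "echo resolving " + host
    return subprocess.run(cmd, shell=True, capture_output=True).returncode == 0


def no_shell_lookup(host: str) -> str:
    """No shell involved: argv list, so metacharacters reach echo literally."""
    return subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True).stdout


def safe_lookup(host: str) -> str:
    """Hardened: allow-list validation first, then an argv list (no shell)."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return no_shell_lookup(host)


def probe_visible(lookup) -> bool:
    """Regular-injection check: did the shell evaluate a second command?

    The payload asks the shell to compute 13*37. A vulnerable target returns
    "481" as its own output line; a non-shell target echoes the payload
    back verbatim, so "481" never appears as a whole line.
    """
    output = lookup("example.com; echo $((13*37))")
    return "481" in output.splitlines()


def probe_blind(lookup, delay: float = 1.0) -> bool:
    """Blind-injection check: does a `sleep` payload delay the response?"""
    start = time.monotonic()
    lookup(f"example.com; sleep {delay}")
    return time.monotonic() - start >= delay * 0.8


if __name__ == "__main__":
    print("vulnerable, visible probe:", probe_visible(vulnerable_lookup))
    print("no-shell,   visible probe:", probe_visible(no_shell_lookup))
    print("vulnerable, blind probe:  ", probe_blind(vulnerable_lookup_blind))
    print("no-shell,   blind probe:  ", probe_blind(no_shell_lookup))
    try:
        safe_lookup("example.com; sleep 1")
    except ValueError as exc:
        print("hardened:", exc)
```

Note that `no_shell_lookup` alone already defeats the injection, because `subprocess.run` with a list never invokes `/bin/sh`; the allow-list in `safe_lookup` is defence in depth for the case where the wrapped program itself interprets its arguments (for example, an argument beginning with `-` being parsed as an option).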
Source: https://portswigger.net/web-security/os-command-injection