Command Override

The application accepts an input that it uses to fully select which program to run, as well as which commands to use.

  • May be useful for diagnostic purposes.

  • Application uses exec, system, CreateProcess, ...

A crafted payload may subvert the entire execution path.

An attacker may run a single command or a chain of commands.

  • A single command may be disastrous: reverse shell, mass deletion.
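An added example (not part of the original page) of the defensive counterpart to the pattern above: the input only selects an entry in a fixed allowlist, and the program runs through execv without a shell, so chained input is rejected instead of interpreted. The diagnostic names, the binary paths and the functions resolve_diag and run_diag are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern described above (shown as a comment only):
 *     system(user_input);   input selects the program and its arguments
 */

/* Hypothetical allowlist: a short name maps to a fixed argv (paths assumed). */
struct diag { const char *name; const char *const argv[4]; };

static const struct diag DIAGS[] = {
    { "disk",   { "/bin/df", "-h", NULL } },
    { "uptime", { "/usr/bin/uptime", NULL } },
};

/* Return the fixed argv for an exact name match, NULL if not allowlisted. */
const char *const *resolve_diag(const char *name) {
    if (name == NULL) return NULL;
    for (size_t i = 0; i < sizeof DIAGS / sizeof DIAGS[0]; i++)
        if (strcmp(name, DIAGS[i].name) == 0)
            return DIAGS[i].argv;
    return NULL;
}

/* Run an allowlisted diagnostic with no shell involved.
 * Returns the child's exit status, or -1 if rejected or on failure. */
int run_diag(const char *name) {
    const char *const *argv = resolve_diag(name);
    if (argv == NULL) return -1;          /* user input never reaches exec */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(argv[0], (char *const *)argv);
        _exit(127);                       /* exec failed in the child */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("disk -> %d\n", run_diag("disk"));
    printf("chained input -> %d\n", run_diag("disk; echo chained"));
    return 0;
}
```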
