Command Override
The application accepts an input that it uses to fully select which program to run, as well as which commands to use.
This may be useful for diagnostic purposes.
The application uses exec, system, CreateProcess, ...
A crafted payload may subvert the entire execution path.
The attacker may run a single command or a chain of commands.
A single command may be disastrous: reverse shell, mass deletion.
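
The override pattern next to a hardened diagnostic runner, as an added example that is not code from the original page. The function names, the allowlist contents and the program paths are assumptions made for illustration.

```python
import re
import subprocess

# Assumed allowlist: diagnostic name -> absolute program path plus fixed flags.
# The caller picks a key; it never supplies the program or its options.
ALLOWED = {
    "ping": ["/bin/ping", "-c", "1"],
    "trace": ["/usr/bin/traceroute", "-m", "5"],
}
# Hostname or IPv4 literal only; it cannot start with "-", so it cannot
# be parsed as an option by the target program.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def run_override(user_input):
    """Pattern described above: the input selects the program and its commands."""
    return subprocess.run(user_input, shell=True, capture_output=True, text=True)


def build_argv(tool, host):
    """Return a fixed argv for an allowlisted diagnostic, or raise ValueError."""
    if tool not in ALLOWED:
        raise ValueError(f"diagnostic not allowed: {tool!r}")
    if not isinstance(host, str) or not HOST_RE.fullmatch(host):
        raise ValueError(f"invalid host: {host!r}")
    return ALLOWED[tool] + [host]


def run_diagnostic(tool, host, timeout=10):
    """Run without a shell, so metacharacters in the input are never interpreted."""
    argv = build_argv(tool, host)
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=timeout, check=False)


def is_rejected(tool, host):
    """True when build_argv refuses the request (constructed inputs in the test)."""
    try:
        build_argv(tool, host)
    except ValueError:
        return True
    return False
```

Only `build_argv` decides what reaches the operating system; logging every rejected request gives detection a signal that someone is probing the diagnostic endpoint.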