Notes - MCS
Analysis and Exploration of Vulnerabilities

CWE-78 OS Command Injection

Improper neutralization of special elements used in an OS command allows attackers to execute unexpected, dangerous commands directly on the operating system.

OS Command Injection

Can lead to a vulnerability in environments in which the attacker does not have direct access to the operating system.

  • Remote code execution.

Can allow the attacker to specify commands that normally would not be accessible.

Can allow alternate commands with privileges that the attacker does not have.

  • Privilege escalation from a standard user to another user, or an administrator.

Exacerbated if the compromised process does not follow the principle of least privilege.

  • The attacker-controlled commands may run with special system privileges increasing the damage.

Potential attack surface is broad

Most languages have exec capabilities: system() in PHP, Python, C, C++.

  • Python: os.system("command"); C: the exec family or system().

Filenames can be used to store commands (using shell expansions).

Some Web technologies (CGI) may have server side includes with exec.
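The two patterns above, the string handed to os.system() versus an argument list that never reaches a shell, as an added example that is not part of the original notes. It assumes a hypothetical "ping a host" feature; the hostname allow-list regex, the function names and the sample inputs are assumptions made for this example, not something from the course material.

```python
import re
import shlex
import subprocess
from typing import List

# Assumed allow-list for the example: a hostname must start with a letter or
# digit (so it can never be parsed as an option such as "-c") and may contain
# only letters, digits, dots and hyphens. Simplified from the RFC 1123 rules.
_HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def unsafe_command_string(host: str) -> str:
    """The vulnerable pattern (CWE-78): user input concatenated into one string.

    os.system(unsafe_command_string(host)) hands the whole string to /bin/sh,
    so any shell syntax inside `host` is interpreted instead of treated as data.
    Returned rather than executed so the pattern can be inspected safely.
    """
    return "ping -c 1 " + host


def safe_argv(host: str) -> List[str]:
    """Hardened form: validate against the allow-list, then build an argv list.

    Passed to subprocess with shell=False, the list is never parsed by a shell;
    every element is exactly one argument, whatever characters it contains.
    """
    if not _HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return ["ping", "-c", "1", host]


def is_accepted(host: str) -> bool:
    """True if the allow-list lets `host` through, False if it is rejected."""
    try:
        safe_argv(host)
        return True
    except ValueError:
        return False


def quoted_shell_string(host: str) -> str:
    """Fallback for the rare case where a shell really is required.

    Still validates first, then quotes the single argument with shlex.quote so
    the shell sees one literal word. Allow-listing remains the primary control.
    """
    safe_argv(host)
    return "ping -c 1 " + shlex.quote(host)


def run_ping(host: str) -> subprocess.CompletedProcess:
    """Execute the hardened form. No shell is involved (shell=False)."""
    return subprocess.run(
        safe_argv(host), shell=False, capture_output=True, text=True, timeout=10
    )


if __name__ == "__main__":
    # Constructed sample inputs: one valid hostname and two that must be rejected
    # (a leading option dash and an embedded shell separator).
    for candidate in ("localhost", "-c", "a;b"):
        print(f"{candidate!r}: accepted={is_accepted(candidate)}")
    try:
        result = run_ping("localhost")
        print("exit status:", result.returncode)
    except (FileNotFoundError, subprocess.TimeoutExpired) as exc:
        print("ping not available here:", exc)
```

The point of the split is that validation and argument passing are independent controls: the allow-list rejects anything that is not a plausible hostname, and the argv list removes the shell from the picture entirely, so even a future gap in the regex cannot turn an argument into a second command.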

Some databases include exec-like commands (Oracle, MSSQL). Oracle example:

-- Oracle PL/SQL: a scheduler job of type EXECUTABLE runs an OS program
DBMS_SCHEDULER.CREATE_JOB( job_name   => ...,
                           job_type   => 'EXECUTABLE',
                           job_action => '...' );
