Command Injection

Definition

Command injection is the abuse of an application’s behavior to execute commands on the operating system, using the same privileges that the application on a device is running with.

Types

1. Blind Command Injection
2. Verbose Command Injection

Vulnerable Functions

1. PHP
   1. exec
   2. passthru
   3. system