OS Command Injection attacks occur when the hacker attempts to execute system level commands through a vulnerable web application. These high impact server/application injections help the hacker to bypass administrator privileges and execute malicious OS commands. Just like SQL injections, OS Command injections can be blind or error-based.
Meta-characters (&, |, /;) are usually used to merge commands and create malicious OS Command Injections, that can be used to exploit vulnerable applications.
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.