Command Injection

  • Web applications often need to interact with the underlying operating system, such as when a file is created through a file upload mechanism.

  • Web applications should always offer specific APIs or functionalities that use prepared commands for the interaction with the system.

  • Prepared commands provide a set of functions to the underlying system that cannot be changed by user input.

  • Sometimes a web application needs to address a multitude of different cases, and a set of predefined functions can be too inflexible. In these cases, web developers often tend to directly accept user input, then sanitize it.
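The contrast between a prepared command and "accept input, then sanitize it" can be made concrete in code. The following Python snippet is an added example and is not part of the original page: it fixes the program and its options in a template, lets user input fill exactly one argument, validates that argument against an allowlist, and executes without a shell. The action names, the `/var/app/uploads` directory and the function names are assumptions made for the example.

```python
"""Added example: "prepared commands" for web-app to OS interaction.

The risky pattern builds a shell string from user input. The prepared
pattern keeps the program and its options fixed, lets the user control only
one positional argument, and never hands anything to a shell.
Action names, the upload directory and function names are hypothetical.
"""
import re
import subprocess
from pathlib import Path

# Fixed command templates: program and options are chosen by the application.
# "--" ends option parsing, so the user-supplied argument can never be read
# as an option even if validation were loosened later.
PREPARED_COMMANDS = {
    "file_type": ["file", "--brief", "--"],
    "line_count": ["wc", "-l", "--"],
}

# Upload directory assumed for this example; a real app would configure it.
UPLOAD_DIR = Path("/var/app/uploads")

# Allowlist: a plain file name, no path separators, no shell metacharacters,
# and no leading "-" or ".".
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


def risky_command(user_name: str) -> str:
    """The vulnerable pattern: concatenate input into a string meant for a
    shell (subprocess.run(..., shell=True)). Shown for contrast only; it is
    never executed in this example."""
    return "file --brief " + user_name


def validate_filename(user_name: str) -> str:
    """Return the absolute path for a validated upload name, or raise."""
    if not SAFE_NAME.fullmatch(user_name):
        raise ValueError("file name contains disallowed characters")
    target = (UPLOAD_DIR / user_name).resolve()
    # Belt-and-braces: the validated name must still resolve inside UPLOAD_DIR.
    if target.parent != UPLOAD_DIR.resolve():
        raise ValueError("file name escapes the upload directory")
    return str(target)


def build_command(action: str, user_name: str) -> list:
    """Build the argv list for a prepared command. User input becomes exactly
    one argument; it cannot add options or a second command."""
    if action not in PREPARED_COMMANDS:
        raise ValueError("unknown action")
    return PREPARED_COMMANDS[action] + [validate_filename(user_name)]


def is_accepted(action: str, user_name: str) -> bool:
    """True if the input would be accepted by build_command, else False."""
    try:
        build_command(action, user_name)
    except ValueError:
        return False
    return True


def run_prepared(action: str, user_name: str) -> str:
    """Execute the prepared command without a shell (shell=False is the
    default when argv is a list)."""
    argv = build_command(action, user_name)
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    return result.stdout.strip()


if __name__ == "__main__":
    print(build_command("file_type", "report.pdf"))
    # Constructed inputs containing shell metacharacters or path traversal.
    for bad in ("report.pdf; echo hi", "$(echo hi)", "../secret.txt", "a|b"):
        print(f"{bad!r} accepted: {is_accepted('file_type', bad)}")
```

The key design point is that the shell never sees the input: `subprocess.run` receives an argument list, so characters such as `;`, `|` or `$(...)` are passed to the program as literal bytes rather than interpreted. The allowlist rejects them anyway, because the downstream program may have its own parsing of unusual names; the two controls are independent and both should be present.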