Command Injection Attack
Command injection attack is where a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application.
- attempts to cause the server to run OS shell commands and return the output to the browser
- web server should normally be able to prevent:
- commands from operating outside of the server’s directory root
- and commands from running with any privilege level other than the web server’s “guest” user
- is normally granted only very restricted privileges
- successful command injection attack
- would find some way of circumventing this security
- or exploit a web server that is not properly configured