Operating System Command Injection


OS command injection occurs when user supplied input is used to form a command to be executed by the operating system. Scanner was able to inject specific Operating System commands and have the output from that command contained within the server response. This indicates that input is not being sanitized properly.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable Web App ScanningWeb ApplicationsAuthenticated ScanHTTP/HTTPSCommand InjectionPlugin IDs: 98123


Operating System Command Injection

Attack Path Technique Details

Framework: OWASP

Family: Injection

Technique: Code Injection

Platform: Web Application

Products Required: Tenable Web App Scanning

Tenable Release Date: 2022 Q2