Detections
Analytics
Operating System Command Injection
Description
OS command injection occurs when user supplied input is used to form a command to be executed by the operating system.
Scanner was able to inject specific Operating System commands and have the output from that command contained within the server response. This indicates that input is not being sanitized properly.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Web App Scanning | Web Applications | Authenticated Scan | HTTP/HTTPS | Command Injection | Plugin IDs: 98123 |
References
Attack Path Technique Details
Framework: OWASP
Family: Injection
Technique: Code Injection
Sub-Technique: Operating System Command Injection
Platform: Web Application
Products Required: Tenable Web App Scanning
Tenable Release Date: 2022 Q2