Command Injection

• Codes
• In-Band Command injection: an attacker executing commands on the host operating system via vulnerable application and receiving response in the application
• Blind Command injection: Consists of an attacker executing commands on the host operating system via a vulnerable application that doesn’t return putput from the command within its http response

How to find Command injection and Test for it

• Module 13: Command Injection
• Lab 3.1 Command Injection
• Out of Band Injection