Command Injection Vulnerabilities

What is a command injection vulnerability?

Many applications are not designed to be wholly self-contained. They often access external systems as well, including databases, application programming interfaces (APIs) and others.

Some applications are designed to run commands within the terminal of the system that they are running on. For example, a program may wish to list the files within a directory and decides to accomplish it using the ls or dir commands built into the operating system.

This use of the underlying terminal creates risk. If an application uses untrusted user input when defining the low-level commands to be run, it may include a command injection vulnerability. An attacker can exploit this vulnerability to run their own commands on the system.

Examples of command injection vulnerabilities

Most programming languages have functions that run commands in the terminal. Two commonly used languages with this functionality are C++ and Python.

C++

C++ is a general-purpose programming language with a great deal of built-in functionality. The C++ system function lets a developer run terminal commands from within a C++ application.

The original post's sample code (shown there as an image) is an application designed to print the contents of a file on the filesystem. Instead of using file streams, the program uses the system function to run the cat command with a user-provided filename.

Ideally, a user will enter a legitimate filename, resulting in the contents of the desired file being printed. If the file does not exist, nothing bad will happen either.
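As an added example (not code from the original post), the pattern just described next to a version that never touches the shell; the function names, the allow-list rules and the fixed base directory are this example's own assumptions:

```cpp
// Added example, not from the original post: a program that shells out to
// `cat` with a user-supplied filename, next to a version that never uses the shell.
#include <cctype>
#include <cstdlib>
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>

// VULNERABLE: the user-controlled filename is concatenated into a shell command
// line, so any shell syntax in it changes what the shell runs. Returned rather
// than executed here so the construction can be inspected.
std::string buildCatCommand(const std::string& filename) {
    return "cat " + filename;
}

// Allow-list check (assumed policy): only a plain name made of [A-Za-z0-9._-],
// no leading dot and no ".." anywhere, so neither shell metacharacters nor
// directory traversal can get through.
bool isSafeFilename(const std::string& name) {
    if (name.empty() || name.size() > 255 || name[0] == '.') return false;
    if (name.find("..") != std::string::npos) return false;
    for (unsigned char c : name) {
        if (!(std::isalnum(c) || c == '.' || c == '_' || c == '-')) return false;
    }
    return true;
}

// HARDENED: validate the name, then read the file with a stream inside a fixed
// base directory. No shell is involved, so there is nothing to inject into.
// Returns false if the name is rejected or the file cannot be opened.
bool printFileSafely(const std::string& baseDir, const std::string& name,
                     std::string& out) {
    if (!isSafeFilename(name)) return false;
    std::ifstream in(baseDir + "/" + name);
    if (!in) return false;
    std::stringstream buf;
    buf << in.rdbuf();
    out = buf.str();
    return true;
}

int main() {
    std::string name, contents;
    std::cout << "Filename: ";
    std::getline(std::cin, name);
    if (printFileSafely(".", name, contents)) std::cout << contents;
    else std::cerr << "rejected or unreadable: " << name << "\n";
    return 0;
}
```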

However, this program can be abused in a number of different ways. A few examples include:

  • Reading unauthorized files: The application is designed to allow users to read files within a given directory. However, by using directory traversal (such as the use of ..), the user (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/wmTlBKM96MA/