The IT Law Wiki

Command injection

Definition

Command injection allows for the execution of arbitrary commands and code by the attacker. If a malicious user injects a character (such as a semi-colon) that delimits the end of one command and the beginning of another, it may be possible to then insert an entirely new and unrelated command that was not intended to be executed.[1]

Overview

"Command injection vulnerabilities typically occur when:

1. Data enter the application from an untrusted source.
2. The data are part of a string that is executed as a command by the application.
3. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have."[2]
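The three conditions above can be seen side by side in the following added example, which is not taken from the cited report or from this wiki. It contrasts a command built by string concatenation with an argument-list call and an allow-list check; the function names, the `echo` stand-in command and the sample input are assumptions made for illustration, and a POSIX system is assumed.

```python
import re
import subprocess

# Constructed sample input: a name, then a semicolon and a second, harmless command.
UNTRUSTED = "alice; echo INJECTED"


def lookup_vulnerable(name: str) -> str:
    """Flawed pattern: untrusted data becomes part of a string a shell executes."""
    # The shell parses the whole string, so ';' inside `name` ends the intended
    # command and begins a new one that the application never meant to run.
    done = subprocess.run("echo record for " + name, shell=True,
                          capture_output=True, text=True)
    return done.stdout


def lookup_hardened(name: str) -> str:
    """Corrected pattern: the data is one argv element and no shell parses it."""
    done = subprocess.run(["echo", "record for", name],
                          capture_output=True, text=True)
    return done.stdout


# Allow-list: starts with a letter or digit (so it cannot look like an option),
# then up to 63 letters, digits, '_', '.' or '-'.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def lookup_validated(name: str) -> str:
    """Defence in depth: reject anything outside the allow-list, then call safely."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected untrusted name: %r" % name)
    return lookup_hardened(name)


if __name__ == "__main__":
    # Two commands ran: the intended echo and the injected one.
    print("vulnerable:", repr(lookup_vulnerable(UNTRUSTED)))
    # One command ran: the semicolon is printed as ordinary data.
    print("hardened:  ", repr(lookup_hardened(UNTRUSTED)))
    try:
        lookup_validated(UNTRUSTED)
    except ValueError as err:
        print("validated: ", err)
```

In the vulnerable call the output contains a second line produced by the injected command; in the hardened call the same input is echoed back as plain text.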

References

  1. Common Cybersecurity Vulnerabilities in Industrial Control Systems, at 14 (citation omitted).
  2. Id.
