Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OS command injection occurs when the application uses user input (which isn’t escaped or sanitized) as part of a command that’s run against the host’s operating system.
Why OS command injection vulnerabilities are problematic
Typically, end-users have no access to the host operating system. OS command injection allows a malicious party to bypass that boundary and execute commands directly on the host operating system. The attacker therefore gains access to sensitive aspects of the application and its environment, and can perform actions that compromise the integrity of the application.
How OS command injection vulnerabilities occur
OS command injection vulnerabilities occur when user-supplied input, used without sanitization or validation, is incorporated into a command that is then executed on the host operating system. The input may be used as an argument to a program the application intends to run, or it may select which program is run on the host.
Mitigating OS command injection vulnerabilities
To reduce exposure to OS Command injection vulnerabilities:
- Use library calls, rather than external processes, to implement the functionality needed
- Avoid running commands against the operating system if they’re built with user-supplied input
- Implement server-side checks on user-supplied input before using it
- Implement an allowlist and escape/filter anything that doesn’t match
- Create a mapping of allowed inputs against which user-input is matched
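As an added illustration (not code from the original post), the following Python places the string-concatenation pattern beside a hardened version that combines three of the mitigations listed above: a mapping of allowed actions to fixed programs, an allowlist check of the target against a hostname pattern, and an argument vector handed to the OS without a shell. The tool names and the hostname pattern are assumptions chosen for this example.

```python
import re
import subprocess

# Allowlist mapping: a user-selectable action name -> a fixed program and its
# fixed arguments. The entries are hypothetical; an application would list only
# the tools it actually needs.
ALLOWED_TOOLS = {
    "ping": ["ping", "-c", "1"],
    "lookup": ["nslookup"],
}

# Allowlist for the target: letters, digits, dots and hyphens only, so nothing a
# shell would interpret (';', '|', '&', '$', backticks, whitespace) can pass.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def build_vulnerable(tool: str, target: str) -> str:
    """The flawed pattern: user input concatenated into one string for a shell.
    Shown only for contrast; whatever the user typed, metacharacters included,
    rides along unchanged into the command line."""
    return f"{tool} {target}"


def validate_target(target: str) -> str:
    """Reject anything that does not match the hostname allowlist."""
    if not HOSTNAME_RE.fullmatch(target):
        raise ValueError("target rejected by hostname allowlist")
    return target


def build_argv(tool: str, target: str) -> list:
    """Hardened: the action selects a fixed program from the mapping, the target
    must pass the allowlist, and the result is an argument vector, not a string."""
    try:
        base = ALLOWED_TOOLS[tool]
    except KeyError:
        raise ValueError("tool not in allowlist") from None
    return [*base, validate_target(target)]


def run_tool(tool: str, target: str) -> subprocess.CompletedProcess:
    """Execute the allowlisted command with shell=False: each argv element is
    passed to the program as-is, so no shell ever parses the user's input."""
    argv = build_argv(tool, target)
    return subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=10)


if __name__ == "__main__":
    print(build_argv("ping", "example.com"))          # ['ping', '-c', '1', 'example.com']
    print(build_vulnerable("ping", "example.com; id"))  # the injected ';' survives
    try:
        build_argv("ping", "example.com; id")          # constructed hostile input
    except ValueError as err:
        print("rejected:", err)
```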
TL;DR
- CWE-78 vulnerabilities occur when unsanitized/unescaped user input is used as part of a command run against the operating system or used to launch applications.
- OS command injection vulnerabilities can be a way for malicious parties to bypass security controls and manipulate the server’s operating system, and can be very dangerous.