External/command-injection-payload-list
1
0
Fork 0
mirror of https://github.com/payloadbox/command-injection-payload-list.git synced 2025-12-17 17:55:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source 
readme fix update
This commit is contained in:
İsmail Taşdelen 2019-08-15 19:10:01 +03:00 committed by GitHub
parent 83ccc1ae5d
commit 331f3b0423
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -1,7 +1,5 @@
## Command Injection Payload List ## Command Injection Payload List
<img src="https://portswigger.net/Content/Images/IssueDefinitions/os-command-injection.svg">
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation. Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
This attack differs from Code Injection, in that code injection allows the attacker to add his own code that is then executed by the application. In Command Injection, the attacker extends the default functionality of the application, which execute system commands, without the necessity of injecting code. This attack differs from Code Injection, in that code injection allows the attacker to add his own code that is then executed by the application. In Command Injection, the attacker extends the default functionality of the application, which execute system commands, without the necessity of injecting code.