Bash Command Injection

By Nash N Sulthan
Published on 02 Jul 2018

Command injection is an attack in which arbitrary commands are executed on the host operating system through a vulnerable application. It becomes possible when a web application passes unsafe user-supplied data (from forms, cookies, HTTP headers and so on) to a system shell. The operating system commands supplied by the attacker run with the execution privileges of the vulnerable application. Such attacks are largely caused by insufficient input validation.
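The two patterns described above, as an added example that is not part of the original article: a request parameter concatenated into a shell command line (the vulnerable form) beside a hardened form that allow-lists the input and executes an argument vector without any shell. The file-serving scenario, the directory `/var/app/reports`, and all function names are assumptions made for the illustration.

```python
import re
import subprocess
import tempfile
from pathlib import Path

# Assumed directory the application is allowed to serve files from.
BASE_DIR = Path("/var/app/reports")

# Allow-list: a plain file name, no path separators, no shell metacharacters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}$")

# Characters a POSIX shell treats specially; used only to explain rejections.
SHELL_META = set(";|&$`<>(){}\\'\"*?#~\n \t")


def unsafe_command(filename: str, base_dir: Path = BASE_DIR) -> str:
    """VULNERABLE pattern: the request parameter is concatenated into a command
    string that would be handed to a shell, e.g. subprocess.run(cmd, shell=True).
    It is never executed here; it only shows what the shell would receive."""
    return f"cat {base_dir}/{filename}"


def shell_metachars(value: str) -> list[str]:
    """Return the shell-significant characters present in a value (sorted)."""
    return sorted({ch for ch in value if ch in SHELL_META})


def is_safe_filename(filename: str) -> bool:
    """True only for names that match the allow-list exactly."""
    return SAFE_NAME.fullmatch(filename) is not None


def validate_filename(filename: str) -> str:
    """Reject anything that is not a plain, allow-listed file name."""
    if not is_safe_filename(filename):
        raise ValueError(f"rejected file name: {filename!r}")
    return filename


def safe_argv(filename: str, base_dir: Path = BASE_DIR) -> list[str]:
    """HARDENED pattern: validate first, then build an argument vector that is
    executed without a shell, so no character in the input can start a command."""
    name = validate_filename(filename)
    return ["cat", str(base_dir / name)]


def run_safe(filename: str, base_dir: Path = BASE_DIR) -> str:
    """Execute the hardened form and return the file contents."""
    result = subprocess.run(
        safe_argv(filename, base_dir),
        shell=False,          # argv goes straight to execve(); no shell parsing
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout


def demo_round_trip() -> str:
    """Create a constructed file in a temporary allowed directory and read it
    back through the hardened path; returns the file contents."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "report.txt").write_text("hello from the allowed directory\n")
    return run_safe("report.txt", tmp)


if __name__ == "__main__":
    # Constructed sample of a tampered request parameter.
    hostile = "report.txt; echo injected"
    print("shell would receive :", unsafe_command(hostile))
    print("metacharacters      :", shell_metachars(hostile))
    try:
        safe_argv(hostile)
    except ValueError as err:
        print("hardened version    :", err)
    print("argv for good input :", safe_argv("report.txt"))
    print("round trip          :", demo_round_trip().strip())
```

The allow-list does the real work: because `is_safe_filename` permits neither path separators nor any shell metacharacter, the same check also blocks directory traversal, and passing a list to `subprocess.run` with `shell=False` means the operating system never parses the input as a command line at all.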

Some servers run a version of Bash that is itself vulnerable to code injection: an attacker who can control the environment passed to Bash (that is, craft its environment variables) can get malicious code executed. Because server-side scripts invoke Bash in the background, this weakness can be exploited remotely over the network and may cause severe damage to the server.

Impact

The impact includes:

  • Executing commands on the underlying operating system.
  • Injection attacks
  • Data loss

Mitigation / Precaution

Beagle recommends the following fix:

  • Upgrade Bash to the latest version.
Written by Nash N Sulthan, Cyber Security Lead Engineer