What Is OS Command Injection And How To Fix It

Here we are going to talk about OS command injection. You will learn everything you need to know about this issue. We start with a description, so that you understand the weakness, then go through its impact, and finally look at how to fix it. You will also be guided through the whole process, which is valuable when you apply it in practice and in real life. Besides that, this lesson explains an example of the issue and the attacks that happen because of it. So stay focused and learn as much as you can, so that you are able to protect yourself!


OS Command Injection Description

First of all, this issue is also known as CWE-78. What the attacker can do here is execute malicious commands on the targeted operating system. This weakness may expose such an environment to the attacker even when he does not have proper or direct access to the operating system. So, what happens when the issue affects a privileged program? It can allow the attacker to specify commands that he could not otherwise run, or to call alternate commands, all without privileges the attacker does not actually have.

Such a malicious command runs with the privileges of the affected program, which in turn allows the attacker to cause additional damage to the system.


When talking about OS command injection, you need to know that there are two subtypes of it. The first one happens when the app executes a fixed program that is basically under its control, but accepts external input as an argument to that program. The second subtype is when the app itself uses the input to select which program will run and what commands it will use. The app then passes the whole command, with that input inside it, straight to the operating system.

OS Command Injection Impact

What can the attacker do when he exploits CWE-78? Simply put, the hacker may leverage this issue to execute arbitrary commands, disclose highly sensitive information and, of course, cause a complete denial of service. Isn’t that enough? Unfortunately not… Any malicious activity that an attacker manages to send to a vulnerable application is then executed in the security context of that application and, of course, of its user.

Example Of OS Command Injection

This issue, like all the others, is best explained by looking at an example. That is why we have provided a sample to help you understand it. Keep your eyes wide open and stay focused, so that you can recognize such an issue if you ever encounter it. Let’s take a look!

    use CGI qw(:standard);

    # user-controlled value taken straight from the request
    $name = param('name');

    $nslookup = "/path/to/nslookup";

    print header;

    # The trailing pipe makes open() run the string through a shell,
    # so shell metacharacters in $name become extra commands.
    if (open($fh, "$nslookup $name|")) {

        while (<$fh>) {
            print escapeHTML($_);
            print "<br>\n";
        }

        close($fh);
    }

The example that I have shown you is a web app that intends to perform a DNS lookup of the domain name supplied by the user. Because the program (nslookup) is fixed and only the argument comes from the user, it is an instance of the first variant of OS command injection described above.


OS Command Injection Impact

We will now see what these attacks look like, so that you are familiar with such events and understand the purpose of this issue. Their typical severity is high. These attacks are very desirable for hackers because they can easily compromise confidentiality, integrity, availability, access control and authorization. The issue is highly motivating for attackers because they can easily seek out and discover many opportunities for any kind of attack, due to the great power it yields. It also lets them execute unexpected and very dangerous commands directly on the operating system. Web apps are the most affected, but the issue can also appear in a privileged program, with the consequences I have already mentioned.


How To Fix OS Command Injection

Ok, we have introduced you to OS command injection and the things you need to know about it. But now we need to learn something of high importance! What else could that be than how to fix it! Best of all, of course, is knowing how to prevent it. Ideally, the developer should use the existing APIs of the relevant programming language instead of running an external command. When that is not possible, it is best to avoid command execution altogether. How do you stay protected? Execute only static strings that do not include any user input. Then make sure the application cannot be made to execute unauthorized code or commands, cannot be forced into a DoS by crashing, exiting or restarting, cannot be used to read or modify files and directories, cannot have its application data modified, and cannot have the attacker’s activities hidden inside it.
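The following is an added example, not code from the original lesson: it rebuilds the nslookup web app from the example section in Python, placing the vulnerable pattern (one shell string) next to the hardened pattern recommended above (an allowlist check on the hostname plus an argument vector that no shell ever parses). The nslookup path is the placeholder from the page; the hostname rules follow RFC 1035 labels, assuming internationalized names are not needed.

```python
import re
import subprocess
from typing import List

NSLOOKUP = "/path/to/nslookup"  # placeholder path, as in the page's example

# Vulnerable pattern (mirrors the Perl snippet): the user-supplied name is
# interpolated into a single string that a shell will parse, so any shell
# metacharacter in 'name' is passed on unchanged and becomes a second command.
def unsafe_lookup_command(name: str) -> str:
    return f"{NSLOOKUP} {name}"

# Hardened pattern, step 1: allowlist validation. A DNS label is 1-63
# characters of letters, digits and hyphens, and must start and end with a
# letter or digit. Rejecting a leading hyphen also stops the value from being
# read as an nslookup option instead of a hostname.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def validate_hostname(name: str) -> str:
    if not 0 < len(name) <= 253:
        raise ValueError("hostname length out of range")
    labels = name.rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        raise ValueError("hostname contains characters outside the allowlist")
    return name

# Hardened pattern, step 2: build an argument vector, not a shell string.
# Each element reaches the program as one argv entry; no shell is involved,
# so the only program that can ever run is NSLOOKUP.
def safe_lookup_argv(name: str) -> List[str]:
    return [NSLOOKUP, validate_hostname(name)]

def run_lookup(name: str) -> str:
    # shell=False (the default) with a list is the subprocess equivalent of
    # calling execve() directly.
    result = subprocess.run(safe_lookup_argv(name), capture_output=True,
                            text=True, check=False)
    return result.stdout

if __name__ == "__main__":
    print(unsafe_lookup_command("example.com; id"))   # metacharacters survive
    print(safe_lookup_argv("example.com"))            # validated argv
    try:
        safe_lookup_argv("example.com; id")
    except ValueError as err:
        print("rejected:", err)
```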

All in all, I think everything is clear to you now. I hope you have enjoyed this lesson and that you will continue your journey through the world of cybersecurity!