Commix-Command Injection Exploiter (Beginner’s Guide)
In this article, we learn how to use Commix from scratch by using all the basic commands and going all the way to the advanced ones.
Table of Contents
- Introduction to command injection
- Introduction to Commix
- Working of Commix
- Types of Commix
- Requirements
Introduction to Command Injection
Command injection is also known as shell injection or OS injection, and it is one of the OWASP Top 10 vulnerabilities. It is an attack in which arbitrary commands of the host OS are executed through a vulnerable application. Such an attack is possible when a web application passes unsafe user data to the system shell. This user data can arrive in any form, such as forms, cookies, HTTP headers, etc. Command injection vulnerabilities mostly arise from insufficient input validation. In this attack, the attacker extends the default functionality of the application, which then executes system commands without the attacker needing to inject code, and this is what makes it different from code injection.
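The pattern described above, unsafe user data reaching the system shell, shown next to two safer forms. This is an added example, not code from the original article or from Commix; it assumes a POSIX system, and the function names and the `echo` stand-in for a real utility are hypothetical.

```python
import ipaddress
import subprocess

# Constructed sample input: a valid address followed by a shell metacharacter
# and a harmless second command.
CONSTRUCTED_INPUT = "127.0.0.1; echo INJECTED"


def lookup_unsafe(host: str) -> str:
    """Vulnerable: user data is concatenated into a string run by /bin/sh."""
    cmd = "echo looking up " + host  # 'echo' stands in for a real utility
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_argv(host: str) -> str:
    """No shell: the value is passed as one argv element and never parsed."""
    argv = ["echo", "looking up", host]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def lookup_validated(host: str) -> str:
    """Hardened: strict input validation first, then execution without a shell."""
    addr = ipaddress.ip_address(host)  # raises ValueError on anything else
    return lookup_argv(str(addr))


if __name__ == "__main__":
    # The shell splits on ';' and runs the second command as well.
    print("unsafe   :", lookup_unsafe(CONSTRUCTED_INPUT).splitlines())
    # Without a shell the same bytes are just text handed to the program.
    print("argv only:", lookup_argv(CONSTRUCTED_INPUT).splitlines())
    try:
        lookup_validated(CONSTRUCTED_INPUT)
    except ValueError as exc:
        print("validated: rejected ->", exc)
    print("validated:", lookup_validated("127.0.0.1").splitlines())
```

Validation and shell-free execution are complementary: the first rejects malformed input early, the second guarantees that whatever does get through is never interpreted as shell syntax.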
The process of command injection was accidentally discovered in 1997 by a programmer in Norway. This accident led to the deletion of web pages of a site. SQL command injection is the most popular form of command injection. Through this attack, an attacker adds SQL code to an input box in order to gain access. Web applications are a prerequisite for such attacks, as it is through such web applications that we communicate with the underlying OS.
Full Article Read Here
Cloud Engineer w/ 18 certs: CISSP | GCIH | CCNA | CASP+| CySA+| Server+| Cloud+| Linux+| Security+| Network+| A+
6 years ago: Thank you for continuing to post good content