OS commanding

OS commanding is a method of attacking a Web server by remotely gaining access to the operating system (OS) and then executing system commands through a browser. Once access has been gained in this way, a hacker can upload programs to the compromised server and run them. OS commanding is similar to command injection, a scheme in which an attacker alters dynamically generated content on a Web page by entering HTML code into an input mechanism, such as a form field that lacks effective validation constraints.

The vulnerability of a server or other network-connected computer to OS commanding attacks can be minimized by:

  • Blacklisting of forbidden character sequences.
  • Whitelisting of allowed character sequences.
  • Restricting permissions on OS commands.
  • Filtering out command directory names.

According to security experts, the main reason that OS commanding and similar exploits are on the rise is that security is not sufficiently emphasized in the development of operating systems and applications. To protect the integrity of network servers, experts recommend the implementation of simple precautions during development, such as controlling the types and numbers of characters that are accepted by servers from users.
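The list of mitigations and the advice on controlling the types and numbers of characters accepted from users can be combined in one input check. The sketch below is an added example, not code from the original page. It assumes a hypothetical form field that takes a host name and a fixed lookup program at /usr/bin/nslookup; the function names and sample inputs are constructed for illustration.

```python
import re
import subprocess

# Allowlist (assumed policy for a host name field): letters, digits, dot and
# hyphen only, first character alphanumeric, at most 253 characters in total.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

# Denylist of a few forbidden character sequences, kept for comparison.
FORBIDDEN = (";", "|", "&")

def passes_denylist(value):
    """True when none of the forbidden sequences occurs in the value."""
    return not any(seq in value for seq in FORBIDDEN)

def passes_allowlist(value):
    """True only when the whole value matches the permitted pattern."""
    return HOST_RE.fullmatch(value) is not None

def build_lookup_argv(host):
    """Return the argument vector for the fixed command, or raise ValueError."""
    if not passes_allowlist(host):
        raise ValueError("host rejected by allowlist")
    # Fixed absolute program path (assumed); the user value is a single argv
    # element and is never concatenated into shell text.
    return ["/usr/bin/nslookup", host]

def run_lookup(host):
    """Run the lookup without a shell, so no shell parses the user value."""
    return subprocess.run(build_lookup_argv(host), capture_output=True,
                          text=True, timeout=5, check=False)

# Constructed sample inputs, not taken from any real log.
SAMPLES = ["example.com", "example.com; id", "example.com$(id)", "-x"]

def classify(samples=SAMPLES):
    """Map each sample to (passes_denylist, passes_allowlist)."""
    return {s: (passes_denylist(s), passes_allowlist(s)) for s in samples}

if __name__ == "__main__":
    for value, (deny_ok, allow_ok) in classify().items():
        print(f"{value!r}: denylist={deny_ok} allowlist={allow_ok}")
```

Two of the constructed samples pass the short denylist but fail the allowlist, which is why the allowlist is the check that gates the command and the denylist is at most a secondary filter.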

This was first published in July 2006
