Definition

OS commanding

OS commanding is a method of attacking a Web server by remotely gaining access to the operating system (OS) and then executing system commands through a browser. Once access has been gained in this way, a hacker can upload programs to the compromised server and run them. OS commanding is similar to command injection, a scheme in which an attacker alters dynamically generated content on a Web page by entering HTML code into an input mechanism, such as a form field that lacks effective validation constraints.

The vulnerability of a server or other network-connected computer to OS commanding attacks can be minimized by:

  • Blacklisting of forbidden character sequences.
  • Whitelisting of allowed character sequences.
  • Restricting permissions on OS commands.
  • Filtering out command directory names.

According to security experts, the main reason that OS commanding and similar exploits are on the rise is that security is not sufficiently emphasized in the development of operating systems and applications. To protect the integrity of network servers, experts recommend the implementation of simple precautions during development, such as controlling the types and numbers of characters that are accepted by servers from users.

This was last updated in July 2006
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSoftwareQuality.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: