command injection

Command injection is the insertion of HTML code into dynamically generated output by a malevolent hacker (also known as a cracker) seeking unauthorized access to data or network resources...

Internet Security

Looking for something else?

TECHNOLOGIES
Attack types
+ Show More

Command injection is an attack method in which a hacker alters dynamically generated content on a Web page by entering HTML code into an input mechanism, such as a form field that lacks effective validation constraints. A malevolent hacker (also known as a cracker) can exploit that vulnerability to gain unauthorized access to data or network resources. When users visit an affected Web page, their browsers interpret the code, which may cause malicious commands to execute in the users' computers and across their networks.

Originally known as shell command injection, the process was accidentally discovered in 1997 by a programmer in Norway. The first command injection resulted in the unintended deletion of Web pages from a site, removed as easily as files from a disk or hard drive.

The most common form of command injection is known as SQL command injection or simply SQL injection, a security exploit in which a cracker adds SQL (Structured Query Language) code to a Web form input box to gain access to resources or make changes to data.

This was first published in January 2006

Continue Reading About command injection

Glossary

'command injection' is part of the:

View All Definitions

Dig deeper on Internet Application Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchSOA

TheServerSide

SearchCloudApplications

SearchAWS

SearchBusinessAnalytics

SearchFinancialApplications

SearchHealthIT

Close