What is a Command Execution Vulnerability?

Web Server Security

Database Security

Application Server Security

Vulnerability Archive

Secure Development

Application Firewalls

Main -> Questions

TOPIC'S

Security Services

Submit News

Syndicated News

Hosting generously provided by

www.mv.com

What is a Command Execution Vulnerability?

" is an attack technique used to exploit web sites by executing Operating System commands through manipulation of application input.

When a web application does not properly sanitize user-supplied input before using it within application code, it may be possible to trick the application into executing Operating System commands. The executed commands will run with the same permissions of the component that executed the command (e.g. Database server, Web application server, Web server, etc.)." -Web Application Security Consortium Threat Classification

External Links:
Copyright 2000-2007 Cgisecurity.com.
Providing Web Security news since 2000. Information contained on this website may not be copied without explicit permission.
Best Viewed with Netscape. Website Security Web Application Security solid state drives ebay cd players camera lens deals buy macbook air not work safe software security canon camera deals

Popular Links By Subject

Sponsored Link (Advertise)

Subscribe to CGISecurity.com

The Web Security Mailing List

Re: [WEB SECURITY] Paper draft: Enough With Default Allow in Web Applications!

Re: [WEB SECURITY] Nice little XSS trick

[WEB SECURITY] Security Vacation Guide

[WEB SECURITY] Lateral SQL Injection Revisited - No Special Privs Required

Re: [WEB SECURITY] ActivePerl

[WEB SECURITY] cross site trace

[WEB SECURITY] Web Application Security Professionals Survey (July 2008)

Re: [WEB SECURITY] cross site trace

Re: [WEB SECURITY] cross site trace

Re: [WEB SECURITY] cross site trace

Contact us

Post News, get linkage!