Login Start Free Trial Login Start Free Trial
 

HawkScan Test Info for Remote OS Command Injection - Timing Based

HawkScan Test Info for Remote OS Command Injection - Timing Based

Remote OS Command Injection - Timing Based

Reference

Plugin Id: 90037 | CWE: 78

Remediation

  1. Input validation: Implement strict input validation and sanitization for all user-supplied data.
  2. Use safe APIs: Avoid direct command execution and use parameterized APIs, libraries, or safe alternatives.
  3. Command filtering: If command execution is necessary, use strict allowlists for permitted commands and arguments.
  4. Principle of least privilege: Run applications with minimal required system privileges.
  5. Sandboxing: Implement application sandboxing to limit the impact of successful command injection.

About

Remote OS Command Injection occurs when applications accept untrusted input to build operating system commands without proper validation or sanitization. Attackers can inject malicious commands that execute with the application’s privileges, potentially compromising the entire system.

Risks

Critical Command injection can lead to complete server compromise, allowing attackers to execute arbitrary commands, access sensitive data, install malware, pivot to other systems, and maintain persistent access to the infrastructure.