Which of the following makes a command injection possible?

Last Updated on September 2, 2021 by Admin

Which of the following makes a command injection possible?

  • unneeded service ports left open
  • input is accepted without bounds checking
  • web server that accepts input from the user and passes it to a bash shell
  • two passwords that hash to the same value
Explanation:
When a web server accepts input and passes it to a bash shell (command line), an attacker might input a command as part of the input that might be accepted and processed by the web server.

Two passwords that hash to the same value is called a hash collision, and can lead to either or both passwords being cracked. A birthday attack captures hashed passwords from the network and uses brute force to try out different text strings using the same hashing algorithm, hoping to end up with a matching pair of hash values, referred to as a collision.

When input is accepted without bounds checking, an integer overflow can occur, which is when a value is entered that is larger than expected, leading to the integer overflow, a type of buffer overflow. It occurs when a mathematical operation attempts to create a numeric value that is too large for the available storage space.

When unneeded service ports are left open, the attack surface of the device is increased. Increasing the attack surface makes more attacks possible, but does not make you more susceptible to command injection.

Other injection attacks include SQL injection, LDAP injection, XML injection, and file injection.

Objective: Attack Methods
Sub-Objective: Describe these web application attacks: SQL injection, Command injection, Cross-site scripting
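The command injection case described in the explanation above, as an added example that is not part of the original page: a handler that passes user input to a shell, beside a corrected form that does not. The function names, the `echo` command and the sample input are assumptions constructed for illustration; it assumes a POSIX system where `shell=True` runs `/bin/sh`.

```python
import re
import subprocess

# Constructed sample input: a name followed by a shell command separator.
SAMPLE = "alice; echo INJECTED"


def greet_vulnerable(name: str) -> str:
    """Weak pattern: input is pasted into a string that a shell parses."""
    # shell=True hands the whole string to /bin/sh, so ';' in `name`
    # ends the intended command and starts a second one.
    proc = subprocess.run(f"echo Hello {name}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def greet_hardened(name: str) -> str:
    """Corrected pattern: no shell, input is a single argv element."""
    # The list form executes echo directly; `name` is never parsed as syntax.
    proc = subprocess.run(["echo", "Hello", name],
                          capture_output=True, text=True)
    return proc.stdout


# Allowlist check: reject anything that is not a short alphanumeric name.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def is_valid_name(name: str) -> bool:
    return NAME_RE.fullmatch(name) is not None


if __name__ == "__main__":
    print("vulnerable: ", repr(greet_vulnerable(SAMPLE)))
    print("hardened:   ", repr(greet_hardened(SAMPLE)))
    print("allowlisted:", is_valid_name(SAMPLE))
```

In the vulnerable form the shell runs two commands; in the hardened form the same input comes back as literal text, and the allowlist rejects it before any process is started.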
