Recently i found error in my website during the Pen testing due to “Command Injections.” Basically command injection allows us to use the website to execute host commands in this case ping command is used against the url like "";ping localhost -c 8;"".
Is any one having any idea how to prevent Command Injections.
I got outcome of pen testing . Please find information that i got.
They used web site url and used "Command injection" .
Attack Type is "Unix Command" ,
Original Value is some encrypted value,
Attack Value is ";ping localhost-c 8;" ,
Error "Attack response time (10800 ms) is longer than original respnose time (0 ms) by 10800
Expected delay due to successful ping command execution is 10000 ms."
I emailed you as well with attached description and recommendation.
Command Injection
Recently i found error in my website during the Pen testing due to “Command Injections.” Basically command injection allows us to use the website to execute host commands in this case ping command is used against the url like "";ping localhost -c 8;"". Is any one having any idea how to prevent Command Injections.
Thanks.
Hey there, could you please send us steps to reproduce this issue to [email protected] so we can have a look? Thanks!
I got outcome of pen testing . Please find information that i got. They used web site url and used "Command injection" . Attack Type is "Unix Command" , Original Value is some encrypted value, Attack Value is ";ping localhost-c 8;" , Error "Attack response time (10800 ms) is longer than original respnose time (0 ms) by 10800 Expected delay due to successful ping command execution is 10000 ms."
I emailed you as well with attached description and recommendation.
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.