image

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

See this previous blog for this subject:

Software insecurity: Insecure Interaction Between Components

So what is an “OS Command Injection”? (From:

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

C# Example:

Code Snippet
  1. public void cmdExecution(String ident)
  2.  {
  3.    ProcessStartInfo proStartInfo = new ProcessStartInfo("KidnappedProgram.exe");
  4.    proStartInfo.UseShellExecute = true;
  5.    proStartInfo.Arguments = ident;
  6.    Process.Start(proStartInfo);
  7.  }

Basically, most languages have a programming objects that will run other code, and in this case KidnappedProgram.exe uses the shell.  If the hacker can get KidnappedProgram.exe to run CMD.EXE on windows (and this can occur in Java as well), then the hacker can take over the computer.  Since in this case the program KidnappedProgram is running the hack, security systems might not catch that a hacker has taken over the system.

How to prevent?

Use DLL s or the equivalent library calls instead of applications

Run in a sandbox

Finally:

Use a certified security specialists to audit your code, certainly don’t rely on my blog, this is just a FYI type of note.