This interactive lesson describes an operating system command injection attack (aka "OS command injection") as a code injection attack in which attackers exploit a vulnerable web application by creating scripts that execute commands on the web application server operating system. Scripts may be embedded or hidden in user cookies, form data, HTML headers, or the web application code itself. Execution of the commands enables attackers to steal information from, delete information from, or otherwise compromise the website or webserver.

This interactive lesson was made possible by funding from National Science Foundation Grant # DUE 1601612 at Brookdale Community College in Lincroft, New Jersey – PI Mike Qaissaunee, with contributions from Dr. John Sands & Susan Sands of Moraine Valley Community College and Jaime Mahoney of Bunker Hill Community College.

All Interactive Lessons