Command Injection - Zacham17/my-tech-journal GitHub Wiki

Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell.(OWASP)

Command injection could range anywhere from exploiting field variables to execute a command to find network information of a device to gaining a reverse shell or adding malicious files to the target device. An example of command injection being used in a vulnerable php environment can be found here