Code execution (Unix)
Published on 2006-12-12. Updated on 2007-03-20.
Description:
This web service is possibly vulnerable to code execution attacks.
Code injection vulnerabilities occur where the output or content served from a Web application can be manipulated in such a way that it triggers server-side code execution. In some poorly written Web applications that allow users to modify server-side files (such as by posting to a message board or guestbook) it is sometimes possible to inject code in the scripting language of the application itself.
Impact:
A malicious user may execute arbitrary system commands with the permissions of the web server.
Recommendation:
Your script should filter metacharacters from user input.
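An added example, not part of the original advisory, of the recommendation above in Python: user input is checked against an allow-list that excludes shell metacharacters, and the command is run from an argument list without a shell. The `host` parameter, the `ping` command and the function names are assumptions made for illustration.

```python
import re
import subprocess

# Added example; the names and the "host" parameter are hypothetical.
# Characters a Unix shell interprets instead of passing through as data.
SHELL_METACHARS = set(";&|`$<>(){}[]*?!~#\\\"' \t\r\n")

# Allow-list for the host value. The first character must be alphanumeric,
# so a value can never start with "-" and be read as a command option.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def find_metachars(value):
    """Return the shell metacharacters present in value (for logging/alerts)."""
    return sorted(set(value) & SHELL_METACHARS)


def validate_host(value):
    """Return value unchanged if it matches the allow-list, else raise."""
    if not HOST_RE.fullmatch(value):
        raise ValueError("rejected host %r (metacharacters: %s)"
                         % (value, find_metachars(value)))
    return value


def lookup_argv(host):
    """Build an argument vector; the user value is a single argv element."""
    return ["ping", "-c", "1", validate_host(host)]


def run_lookup(host):
    """Run the command without a shell, so nothing re-parses the input."""
    return subprocess.run(lookup_argv(host), shell=False,
                          capture_output=True, text=True, timeout=10)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ["example.com", "example.com; id", "-f", "a`b`"]:
        try:
            print("accepted:", lookup_argv(sample))
        except ValueError as err:
            print(err)
```

Rejecting anything outside the allow-list is stricter than stripping metacharacters, and it also covers values that contain no metacharacter but begin with a dash.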
Alert Tags: code_execution
ApplicableApplicationServer: All
ApplicableOS: Unix
ApplicableWebServer: All