Home > CAPEC List > CAPEC-248: Command Injection (Version 2.10)  

CAPEC-248: Command Injection

 
Command Injection
Definition in a New Window Definition in a New Window
Attack Pattern ID: 248
Abstraction: Meta
Status: Stable
Completeness: Complete
Presentation Filter:
+ Summary

An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.

+ Attack Prerequisites
  • The target application must accept input from the user and then use this input in the construction of commands to be executed. In virtually all cases, this is some form of string input that is concatenated to a constant string defined by the application to form the full command to be executed.

+ Typical Severity

High

+ Typical Likelihood of Exploit

Likelihood: Medium

+ Solutions and Mitigations

All user-controllable input should be validated and filtered for potentially unwanted characters. Whitelisting input is desired, but if a blacklisting approach is necessary, then focusing on command related terms and delimiters is necessary.

Input should be encoded prior to use in commands to make sure command related characters are not treated as part of the command. For example, quotation characters may need to be encoded so that the application does not treat the quotation as a delimiter.

Input should be parameterized, or restricted to data sections of a command, thus removing the chance that the input will be treated as part of the command itself.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Confidentiality
Integrity
Availability
Execute unauthorized code or commands
A successful command injection attack enables an adversary to alter the command being executed and achieve a variety of negative consequences depending on the makeup of the new command. This includes potential information disclosure or the corruption of application data.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-01-09Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description, Description Summary, Solutions_and_MitigationsInternal
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_SeverityInternal
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017