COMMAND INJECTION


OVERVIEW OF THE SIN

In 1994 the author of this chapter was sitting in front of an SGI computer running IRIX that was simply showing the login screen. It gave the option to print some documentation, and specify the printer to use. The author imagined what the implementation might be, tried a nonobvious printer, and suddenly had an administrator window on a box the author not only wasn’t supposed to have access to, but also wasn’t eve…
Citation
Michael Howard; David LeBlanc; John Viega: 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. COMMAND INJECTION, Chapter (McGraw-Hill Professional, 2010), AccessEngineering Export