Web applications attacks/Command injection
- The WebGoat Command Injection lesson teaches you how to inject commands (netstat and ifconfig) through an unsanitized text field and get the results.
- Get a shell from a command injection vulnerability
- Validate and sanitize, on the server side, all data sent from the browser.
- Enforce coding standards: use prepared statements and stored procedures to avoid SQL injection.
- Use the mysql_real_escape_string() function.
- Use whitelist input validation.
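
The server-side control and whitelist validation recommended above, applied to a form like the one in the WebGoat lesson (a field that feeds netstat or ifconfig). This is an added example, not code from WebGoat or from this page; the report names, the interface-name pattern and the function names are assumptions made for illustration.

```python
import re
import subprocess
from typing import List, Optional

# Whitelist: the browser sends only a report key, never command text.
# Each key maps to a fixed argv (assumed mapping for this example).
REPORTS = {
    "connections": ["netstat", "-an"],
    "interfaces": ["ifconfig"],
}
# Optional interface name: lowercase letters and digits only, so shell
# metacharacters and option-looking values (leading "-") cannot pass.
IFACE_RE = re.compile(r"[a-z][a-z0-9]{0,14}")


def unsafe_command_line(field: str) -> str:
    """Vulnerable pattern: field text concatenated into a shell string."""
    return "ifconfig " + field  # a shell would parse everything in `field`


def build_argv(report: str, iface: Optional[str] = None) -> List[str]:
    """Hardened pattern: whitelist lookup plus strict field validation."""
    if report not in REPORTS:
        raise ValueError("unknown report")
    argv = list(REPORTS[report])  # copy, so the whitelist is never mutated
    if iface is not None:
        # fullmatch() also rejects a trailing newline, unlike match() with "$"
        if report != "interfaces" or not IFACE_RE.fullmatch(iface):
            raise ValueError("invalid interface name")
        argv.append(iface)
    return argv


def run_report(report: str, iface: Optional[str] = None) -> str:
    """Execute as an argv list; no shell ever interprets the input."""
    result = subprocess.run(build_argv(report, iface), shell=False,
                            capture_output=True, text=True, timeout=10)
    return result.stdout


if __name__ == "__main__":
    # Constructed sample field values, as a browser might submit them.
    for value in ["eth0", "eth0; id", "-a", "eth0\n"]:
        try:
            print(repr(value), "->", build_argv("interfaces", value))
        except ValueError as exc:
            print(repr(value), "-> rejected:", exc)
```

Validation and shell-free execution are independent layers: the whitelist rejects unexpected values, and passing an argv list with `shell=False` means a value that slipped through would still reach the program as a single argument.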