Welcome! In this lesson, we’ll take a more technical look at how shell injection happens, how to identify the vulnerability, and how to deal with it.

Theoretically, shell injection can happen any time unsanitized user input is used to invoke a shell command. Usually, this is in the context of user input from a website executing a shell command on the backend server, but it doesn’t always have to be that way.

Shell injection also isn’t limited to any specific programming language. Most languages have some way of invoking a system’s shell. Linux and Unix were, and still are, structured with the idea that programs should invoke other programs through the system’s shell as part of normal operation. It isn’t innately bad for a program to use shell commands, but we must be careful, and there are usually safer ways to accomplish the same goal.
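
To make the mechanism described above concrete, here is an added example (not part of the original lesson) that runs the same line-count task three ways: through the shell with raw input, through the shell with quoting, and without a shell at all. The function names, the temporary file, and the `; echo INJECTED` input are constructed for illustration; it assumes a POSIX system with `wc` available.

```python
import shlex
import subprocess
import tempfile
from pathlib import Path


def count_lines_unsafe(filename: str) -> subprocess.CompletedProcess:
    # VULNERABLE: the input is pasted into a string that /bin/sh parses,
    # so shell metacharacters in it (; | & $ `) are treated as syntax.
    return subprocess.run(f"wc -l {filename}", shell=True,
                          capture_output=True, text=True)


def count_lines_quoted(filename: str) -> subprocess.CompletedProcess:
    # If a shell is unavoidable, quote the value so sh sees one literal word.
    return subprocess.run(f"wc -l -- {shlex.quote(filename)}", shell=True,
                          capture_output=True, text=True)


def count_lines_safe(filename: str) -> subprocess.CompletedProcess:
    # Preferred: no shell. Each list item reaches wc as one argument with no
    # shell parsing; "--" keeps a leading "-" from being read as an option.
    return subprocess.run(["wc", "-l", "--", filename],
                          capture_output=True, text=True)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "notes.txt"
        target.write_text("line one\nline two\n")
        # Constructed input: a valid path followed by a second, harmless command.
        hostile = f"{target}; echo INJECTED"
        return {
            "unsafe": count_lines_unsafe(hostile),   # echo runs as a command
            "quoted": count_lines_quoted(hostile),   # treated as a file name
            "safe": count_lines_safe(hostile),       # treated as a file name
            "benign": count_lines_safe(str(target)), # normal use still works
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result.returncode, repr(result.stdout))
```

In the unsafe call the shell runs two commands, so `INJECTED` appears on standard output; in the other two, `wc` receives the whole string as a single file name and simply fails to find it.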
