
Don't Mean To Inject But Here Comes Shell Injection Attacks

Shell Injection Vulnerabilities

Shell Injection is a very dangerous type of injection vulnerability that can occur when a server executes shell commands based on user input from a website.
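The following added example (not code from the original page) shows a back end building a shell command from user input, next to two hardened forms. The function names and sample inputs are hypothetical and constructed for illustration; it assumes a POSIX system with `sh` and `echo` available.

```python
import shlex
import subprocess

# Hypothetical back-end helpers: each greets a visitor by running `echo`.

def greet_vulnerable(name: str) -> str:
    # VULNERABLE: user input is pasted into a string that /bin/sh parses,
    # so shell special characters in `name` (; | & $ ` ...) become syntax.
    cmd = "echo Hello " + name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout

def greet_argv(name: str) -> str:
    # HARDENED: no shell is involved. `echo` receives `name` as one
    # argument, so special characters are treated as ordinary text.
    argv = ["echo", "Hello", name]
    return subprocess.run(argv, capture_output=True, text=True).stdout

def greet_quoted(name: str) -> str:
    # Fallback when a shell is genuinely required: quote the value so that
    # sh sees it as a single literal word.
    cmd = "echo Hello " + shlex.quote(name)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout

# Constructed sample inputs (not real traffic).
BENIGN = "Ada"
MALFORMED = "Ada; echo INJECTED"  # harmless marker command after a separator

if __name__ == "__main__":
    for fn in (greet_vulnerable, greet_argv, greet_quoted):
        for value in (BENIGN, MALFORMED):
            print(f"{fn.__name__}({value!r}) -> {fn(value)!r}")
```

With the malformed input, only `greet_vulnerable` prints `INJECTED` on its own line, which means the shell ran a second command; the hardened versions echo the whole input back as text.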

Normal use of shells

It is normal for programs, including website back ends, to use shell commands. Shells provide a powerful and convenient way for programs to invoke and “talk” to one another.

The dangers of shell injection

Shell injection is very dangerous because of how much power it can give an attacker over a server. Even in a best-case scenario, it still gives the attacker the same permissions and access as the web server software itself.

Identifying Shell Injection Vulnerabilities - Frontend

If you don’t have access to the back-end code, you can still look for shell injection vulnerabilities! If you think there’s an input field that is used by the server to execute shell commands, you can try providing malformed inputs that contain special characters used by the shell and/or attempt harmless demonstrations of shell injection.
