This plugin will find OS commanding vulnerabilities. The detection is performed using two different techniques:
- Time delays
- Writing a known file to the HTML output
With time delays, the plugin sends specially crafted requests that, if the vulnerability is present, will delay the response for 5 seconds (ping -c 5 localhost). When using the second technique, the plugin sends specially crafted requests that, if the vulnerability is present, will print the content of a known file (i.e. /etc/passwd) to the HTML output This plugin has a rather long list of command separators, like “;” and “`” to try to match all programming languages, platforms and installations.
This plugin doesn’t have any user configured options.
This plugin has no dependencies.