This plugin will find OS commanding vulnerabilities. The detection is performed using two different techniques:
- Time delays
- Writing a known file to the HTML output
With time delays, the plugin sends specially crafted requests that, if the vulnerability is present, will delay the response for 5 seconds (ping -c 5 localhost). With the second technique, the plugin sends specially crafted requests that, if the vulnerability is present, will print the content of a known file (i.e. /etc/passwd) to the HTML output. The plugin has a rather long list of command separators, like “;” and “`”, to try to match all programming languages, platforms and installations.
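Seen from the server side, both techniques leave recognisable requests in the access log. The following is an added example, not part of the plugin or its documentation: it flags query parameters in which a command separator is followed by one of the two probes named above. The log lines are constructed, and the separators "|" and "&" are assumed additions to the ";" and "`" the page names.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request target inside a combined-format access log line.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# A separator (";" and "`" are named on the page; "|" and "&" are assumed),
# then a short run without separators, then one of the two probes from the page.
PROBE = re.compile(r"[;`|&][^;`|&]{0,40}?(ping\s+-c\s+5\s+localhost|/etc/passwd)")

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /tools/lookup?host=example.org HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] '
    '"GET /tools/lookup?host=example.org%3Bping+-c+5+localhost HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jan/2024:10:00:07 +0000] '
    '"GET /tools/lookup?host=%60cat+/etc/passwd%60 HTTP/1.1" 200 2304',
    '198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] '
    '"GET /search?q=ping+-c+5+localhost+explained HTTP/1.1" 200 100',
]


def find_probes(log_lines):
    """Return (line_no, parameter, technique) for each suspicious query parameter."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        request = REQUEST.search(line)
        if not request:
            continue
        query = urlsplit(request.group(1)).query
        # parse_qsl URL-decodes each value, so %3B and %60 become ";" and "`".
        for name, value in parse_qsl(query, keep_blank_values=True):
            probe = PROBE.search(value)
            if probe:
                is_ping = probe.group(1).startswith("ping")
                hits.append((line_no, name, "time-delay" if is_ping else "file-read"))
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

Only query strings appear in an access log, so probes sent in POST bodies or headers need request-body logging or a WAF rule to be seen.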
This plugin doesn’t have any user-configurable options.
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
This plugin has no dependencies.