Description

This plugin will find OS commanding vulnerabilities. The detection is performed using two different techniques:

  • Time delays
  • Writing a known file to the HTML output

With time delays, the plugin sends specially crafted requests that, if the vulnerability is present, will delay the response for 5 seconds (ping -c 5 localhost). When using the second technique, the plugin sends specially crafted requests that, if the vulnerability is present, will print the content of a known file (e.g. /etc/passwd) to the HTML output. This plugin has a rather long list of command separators, like “;” and “`”, to try to match all programming languages, platforms and installations.
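Both techniques leave a recognisable trace in web server access logs. The following is an added example, not the plugin's own code: it flags request parameters that combine a command separator with one of the two payloads above, and uses the response time to mark delay probes that probably executed. The log layout, the separators other than “;” and “`”, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# ";" and "`" are named on the page; the others are assumed common shell separators.
SEPARATORS = (";", "`", "|", "&", "$(", "\n")
DELAY_CMD = re.compile(r"\bping\s+-c\s+5\s+localhost\b")  # time-delay payload from the page
FILE_READ = re.compile(r"/etc/passwd\b")                  # known-file payload from the page
DELAY_SECONDS = 5.0                                       # delay stated on the page

# Assumed log layout: ... "METHOD URL PROTO" STATUS REQUEST_TIME_SECONDS
LINE = re.compile(r'"[A-Z]+ (?P<url>\S+)[^"]*" \d{3} (?P<rt>\d+\.\d+)$')

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /lookup?host=example.org HTTP/1.1" 200 0.031',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /lookup?host=example.org%3Bping+-c+5+localhost HTTP/1.1" 200 5.012',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /whois?host=example.org%3Bping+-c+5+localhost HTTP/1.1" 200 0.029',
    '10.0.0.9 - - [01/Jan/2024:10:00:10 +0000] "GET /view?file=a.txt%60cat+/etc/passwd%60 HTTP/1.1" 200 0.040',
    '10.0.0.7 - - [01/Jan/2024:10:00:11 +0000] "GET /view?file=/etc/passwd HTTP/1.1" 404 0.012',
]

def classify(line):
    """Return [(parameter, verdict), ...] for one log line, or None if unparsable."""
    m = LINE.search(line.strip())
    if m is None:
        return None
    findings = []
    # parse_qsl percent-decodes values, so %3B and %60 become ";" and "`".
    for name, value in parse_qsl(urlsplit(m["url"]).query, keep_blank_values=True):
        if not any(sep in value for sep in SEPARATORS):
            continue  # payload text without a separator is not a command-injection probe
        if DELAY_CMD.search(value):
            slow = float(m["rt"]) >= DELAY_SECONDS
            findings.append((name, "delay-probe-likely-executed" if slow else "delay-probe"))
        elif FILE_READ.search(value):
            findings.append((name, "file-read-probe"))
    return findings

def scan(lines):
    """Return {line_number: findings} for lines with at least one finding."""
    return {i: f for i, l in enumerate(lines, 1) if (f := classify(l))}

if __name__ == "__main__":
    for lineno, found in scan(SAMPLE).items():
        print(lineno, found)
```

The access log alone cannot confirm the file technique; that requires checking whether the response body contained the file's content.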

Plugin type

Audit

Options

This plugin doesn’t have any user-configurable options.

Source

For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code

Dependencies

This plugin has no dependencies.