rce #hacking #injection

#rce #hacking #injection 
source: https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)
# Testing for Command Injection (OTG-INPVAL-013)

**This article is part of the new OWASP Testing Guide v4.**  
Back to the OWASP Testing Guide v4 ToC:
   [https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents](https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents)
Back to the OWASP Testing Guide Project:
   [https://www.owasp.org/index.php/OWASP_Testing_Project](https://www.owasp.org/index.php/OWASP_Testing_Project)

- [1Summary](https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)#Summary)
- [2How to Test](https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)#How_to_Test)
- [3Special Characters for Comand Injection](https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)#Special_Characters_for_Comand_Injection)
- [4Code Review Dangerous API](https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)#Code_Review_Dangerous_API)
- [5Remediation](https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)#Remediation)
    - [5.1Sanitization](https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)#Sanitization)
    - [5.2Permissions](https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)#Permissions)
- [6Tools](https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)#Tools)
- [7References](https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)#References)

## Summary

This article describes how to test an application for OS command injection. The tester will try to inject an OS command through an HTTP request to the application.