Operating System (OS) command injection


Some web applications make calls into the operating system so that they can use its services or the underlying hardware (for example, running ping or nslookup against a user-supplied host, or listing a directory). The services an OS exposes through system calls fall into a few broad categories:

  • Process control: creating, monitoring and terminating processes
  • File management: creating, reading, writing and deleting files
  • Device management: requesting, using and releasing devices such as disks, network interfaces or CPU time
  • Information maintenance: reading and setting system data such as the time, date and process attributes
  • Inter-process communication: exchanging data and signals between processes so they can coordinate

Insecure OS command calls are those that build a command string from unvalidated user input and hand it to a shell. In other words, a malicious actor can take the input the application feeds into the OS command, append shell metacharacters such as `;`, `|`, `&&` or `$( )` followed by a command of their own, and have the server execute it. That gives them arbitrary command execution with the web application's privileges, and with it valuable information about the host, its files and its configuration that shows how to exploit the application further.
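To make the mechanism concrete, here is an added example (not code from the original article) that puts the vulnerable pattern next to its hardened form. It assumes a POSIX shell (`/bin/sh`) and uses `echo` as a stand-in for a real tool such as ping or nslookup that takes a user-supplied hostname; the hostnames and the `INJECTED` marker are constructed inputs, and the hostname regex is one reasonable allow-list, not a standard.

```python
import re
import subprocess

# Constructed sample inputs: what a user might submit in a "host" form field.
SAFE_HOST = "example.com"
# The ';' metacharacter ends the intended command; a POSIX shell then runs what follows.
INJECTED_HOST = "example.com; echo INJECTED"

# Allow-list for hostnames (assumed policy, not a standard): labels of letters,
# digits and hyphens joined by dots. Spaces, ';', '|', '$', backticks all fail.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def run_vulnerable(host: str) -> str:
    """Vulnerable pattern: user input concatenated into one command string and
    handed to a shell, so the shell parses any metacharacters inside `host`."""
    cmd = f"echo resolving {host}"  # 'echo' stands in for ping/nslookup (assumption)
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def run_argv_only(host: str) -> str:
    """First layer of defence: no shell at all. The value travels as a single
    argv element, so ';' is just a character in the argument, never a separator."""
    result = subprocess.run(["echo", "resolving", host], capture_output=True, text=True)
    return result.stdout


def run_hardened(host: str) -> str:
    """Hardened pattern: allow-list validation first, then argv (no shell).
    Rejecting bad input early also keeps '-' prefixed values from being read
    as options by the tool that receives them."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"invalid hostname: {host!r}")
    return run_argv_only(host)


def is_injected(output: str) -> bool:
    """Detect whether the smuggled command actually ran: its marker shows up
    as a line of its own rather than inside the expected output line."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("vulnerable, safe input:   ", repr(run_vulnerable(SAFE_HOST)))
    print("vulnerable, injected:     ", repr(run_vulnerable(INJECTED_HOST)))
    print("argv only, injected:      ", repr(run_argv_only(INJECTED_HOST)))
    try:
        run_hardened(INJECTED_HOST)
    except ValueError as exc:
        print("hardened, injected:        rejected:", exc)
```

The two defences are deliberately layered: passing an argv list removes the shell, which is what interprets `;` and friends, and the allow-list stops values the downstream tool itself might misinterpret. Escaping the string with `shlex.quote()` and still calling a shell works too, but it is the fragile option, because one missed call site reintroduces the bug.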
