Shell commands injection

Shell command injection is possible when a program uses a data, entered by the user, without filtering it, as an argument of a shell command.

Example: You enter your name in a Web Form, your name is sent to the server then used in a shell command. The server-side code looks like:

system ('echo '.$NAME);

Instead of just entering Yolo, you enter:

YOLO; cat /etc/password;

The server will chain the two commands by executing:

system ('echo YOLO; cat /etc/password;'); 

It is then possible to dump the content of the passwd file.

A command injection gives full control over the server. One can retrieve informations about the server (uname -a), account names (cat /etc/passwd), web server config files, launch a reverse shell...