What is OS Command Injection? How to find it? How to use it?
What is OS command injection?
OS command injection (operating system command injection) is a security vulnerability that arises when a web application passes input received from the user directly into a command executed on the server's operating system. Command injection mostly occurs because of an insufficient input validation mechanism. On a system where the vulnerability exists, many operations can be performed, such as gaining remote access to the system and deleting, adding, or changing files.
How to find OS command injection?
Just as with SQL injection, the operating system will sometimes show us the result of the injected command in the response, but there are cases where it does not. For this reason, although the time-delay method is not the most practical, it detects these vulnerabilities with the highest assurance.
$(sleep 10)
$(whoami)
|| whoami
& whoami
&& whoami
| whoami
;$(whoami)
We can use payloads like the ones above, and instead of the whoami command we can also write:
A simple PHP snippet vulnerable to OS command injection:
<?php
// user input is concatenated straight into the shell command with no validation
$ip = $_POST['ip'];
// system() runs the command through the shell and prints its output
$cmd = system('ping ' . $ip);
echo $cmd;
?>
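A hardened version of the same handler, added here as an example (it is not code from the original post). It keeps the ip parameter and the ping command from the snippet above; the -c 4 count flag and the validate_ip/safe_ping function names are this example's own choices.

```php
<?php
// Hardened ping handler: allow-list validation first, then argument quoting.
// Assumptions: the 'ip' POST parameter and the ping command come from the
// vulnerable snippet above; everything else is this example's own choice.

function validate_ip(string $raw): ?string
{
    // Accept only a syntactically valid IPv4 or IPv6 address. Any payload
    // carrying shell metacharacters such as ; | & $( ) fails this check.
    $ip = filter_var($raw, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

function safe_ping(string $raw): string
{
    $ip = validate_ip($raw);
    if ($ip === null) {
        http_response_code(400);
        return "invalid address\n";
    }
    // Defence in depth: even after validation, quote the value so the shell
    // treats it as exactly one argument. escapeshellarg() wraps it in single
    // quotes and escapes any embedded quotes.
    $cmd = 'ping -c 4 ' . escapeshellarg($ip);
    $output = [];
    $status = 0;
    exec($cmd, $output, $status);
    // Encode the output before echoing it so command output cannot become
    // injected HTML in the response.
    return htmlspecialchars(implode("\n", $output)) . "\n";
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['ip'])) {
    echo safe_ping((string) $_POST['ip']);
}
```

Rejecting anything that is not an IP address is what closes the hole; escapeshellarg() only guards against a validation mistake and should not be relied on alone.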
If we write ;cat /etc/passwd as the input, the contents of /etc/passwd will be shown in the response.
A little practice now
Let's write some commands into the value of the storeid parameter. For example:
| whoami
And let's see the result:
As you can see, the output of the command is printed on the web page.
But the output is not always printed back like this.
When it is not printed, we can still reach it by redirecting the command's output into a file on the server that we can then fetch, using the tactic applied below. For example:
||whoami>/var/www/images/output.txt
With this payload, we write the output of the whoami command to a file named output.txt.
To reach that file, we capture the HTTP request for any image or file in the web application with Burp Suite.
When we replace filename=53.jpg with filename=output.txt, the content of output.txt is returned.