Talk:Command Injection

From OWASP
Jump to: navigation, search

The examples 1 through 3 and 5 are kind of old and redundant.

I would advise rather

  • adding one more web application specific vulnerability and put them on the top
  • adding shellshock
  • for C-oldfart stuff I would at least replace ls -l by rm -rf /
  • I would restrict on ONE example in C. It's not very often nowadays that somebody has written a SUID/SGID wrapper. This is more a school example than of practical use.