OWASP Periodic Table of Vulnerabilities - OS Commanding
Root Cause Summary
OS-level calls (shell commands or process invocations) are built by inserting dynamic, attacker-influenced data into the command, allowing an attacker to append additional commands or to change the parameters of the original call.
Browser / Standards Solution
Generic Framework Solution
Custom Framework Solution
Build safe wrappers for system calls that prevent dynamic data from changing the intended meaning of the call: the wrapper fixes the program and the option syntax itself, passes each dynamic value as a separate argument rather than through a shell, and validates every value against what that parameter may legitimately contain.
Custom Code Solution
Discussion / Controversy
Many common system calls already have safe wrappers in generic application frameworks. Most unsafe calls are therefore likely to be made when an application reaches for application-specific batch processes or system features that no framework wraps, and those calls need a custom framework wrapper to ensure that the intended syntax is generated safely.
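The following example, added here and not code from the OWASP page, illustrates both the custom framework wrapper recommended above and the discussion of where unsafe calls typically appear. It contrasts the vulnerable pattern (dynamic data spliced into a command string that a shell will parse) with a wrapper that fixes the program path and option syntax, allowlists the single dynamic parameter, and invokes the program with an argv list and no shell. The tool name "report-tool", its path and its "--input" option are hypothetical; the demonstration substitutes the Python interpreter for the tool so that the wrapper can actually be run on any machine.

```python
"""OS commanding: unsafe string splicing vs. a safe wrapper.

Constructed example; not code from OWASP. '/usr/local/bin/report-tool' and its
'--input' option are hypothetical placeholders for an application-specific
batch tool that no framework wraps.
"""
import re
import subprocess
import sys

REPORT_TOOL = "/usr/local/bin/report-tool"  # hypothetical batch tool


# 1. The root cause: untrusted data is concatenated into a command string that
#    a shell will interpret (os.system, subprocess with shell=True, ...).
#    The string is only built here, never executed.
def build_vulnerable_command(report_name: str) -> str:
    return "report-tool --input " + report_name


def shell_would_split(command: str) -> list[str]:
    """Crude model of a POSIX shell's command separation: split on ';'.
    Enough to show that attacker data becomes a second command."""
    return [part.strip() for part in command.split(";") if part.strip()]


# 2. The safe wrapper: fixed program, fixed option syntax, argv list instead
#    of a shell, and a strict allowlist for the one dynamic parameter.
class CommandError(ValueError):
    """Raised when dynamic data does not fit the parameter's allowlist."""


# Allowlist, not blocklist: no shell metacharacters, no path separators, and
# no leading '-' so the value can never be parsed as an option.
_REPORT_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


def validate_report_name(name: str) -> str:
    if not isinstance(name, str) or not _REPORT_NAME.fullmatch(name):
        raise CommandError(f"rejected report name: {name!r}")
    return name


def is_rejected(name: str) -> bool:
    try:
        validate_report_name(name)
    except CommandError:
        return True
    return False


def build_safe_argv(report_name: str) -> list[str]:
    """Return argv for the intended call. The caller supplies only the value;
    program name and option names are fixed by the wrapper."""
    return [REPORT_TOOL, "--input", validate_report_name(report_name)]


def run_argv(argv: list[str]) -> str:
    # shell=False: each argv element reaches the program as one literal
    # argument; ';', '|' and '$(...)' carry no meaning on this path.
    proc = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=True)
    return proc.stdout.strip()


# 3. Demonstration with the interpreter standing in for the tool: even without
#    validation, the argv path delivers metacharacters as plain data.
_PRINT_LAST_ARG = "import sys; print(sys.argv[-1])"


def last_arg_seen_by_program(value: str) -> str:
    return run_argv([sys.executable, "-c", _PRINT_LAST_ARG, value])


if __name__ == "__main__":
    hostile = "q1; rm -rf /"
    print("vulnerable:", shell_would_split(build_vulnerable_command(hostile)))
    print("safe argv:", build_safe_argv("q1_2024"))
    print("hostile rejected:", is_rejected(hostile))
    print("argv path keeps it literal:", repr(last_arg_seen_by_program(hostile)))
```

Two independent layers are at work: the argv list removes the shell so that metacharacters cannot change the call's structure, and the allowlist keeps the value within what the tool's "--input" parameter is meant to receive (no path traversal, no option injection). Build the wrapper once per tool, expose only the validated parameters to application code, and keep the program path and option names out of the caller's hands.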