Overview
Explore the intricacies of command injection vulnerabilities and their detection through this 30-minute Black Hat conference talk. Delve into the prevalence and high impact of command injection attacks across various operating systems and programming languages. Learn about Commix, an open-source tool designed to automate the detection and exploitation of command injection flaws in web applications. Discover the tool's extensive functionalities and its high success rate in identifying vulnerable applications. Gain insights into a comprehensive analysis and categorization of command injection attacks, and witness the revelation of several 0-day vulnerabilities detected by Commix in various web-based applications, ranging from home services to web servers.
Syllabus
Commix: Detecting and Exploiting Command Injection Flaws
Taught by
Black Hat