In terms of security, command injection is also referred to as shell injection and operating system injection. Command injection appears in the OWASP Top 10 every year. Command injection is a hacking technique in which hackers execute commands in the host operating system through vulnerable web applications after scanning. The attack is possible when a web application sends user data to its system shell through some connectivity. This user data can be of any type: HTTP headers, cookies, forms, and so on. The history of command injection is very interesting, because it was accidentally discovered by a programmer in Norway in mid-1997. The command injection vulnerability gave rise to another new type of command injection, which is SQL command injection.

Introduction to Commix

Commix is a free and open-source tool available on GitHub. It is a powerful tool used for exploiting command injection vulnerabilities in websites and web applications. Command injection is a vulnerability that usually occurs in web applications. In terms of cyber security, command injection is also called shell injection. You must have Python installed on your Kali Linux operating system. The interactive console is very similar to metasploitable 1 and metasploitable, which makes it easy to use. The tool works as a tester for command injection vulnerabilities in websites and web applications.

Working of Commix

The Commix tool comes with different modules installed, which let its user find vulnerabilities in the target application. Commix attacks a target URL using data strings, HTTP headers, or cookies, and also authentication parameters. In Commix, users can find different enumeration options. Using Commix, a user can perform two types of command injection. The first is the result-based command injection technique and the second is the blind command injection technique.
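The condition described above, a web application passing user data to its system shell, shown next to a hardened form. This is an added example, not code from Commix or from the original page; the function names, the `echo lookup` stand-in command and the sample input are assumptions constructed for illustration.

```python
import ipaddress
import subprocess

# Constructed sample value, as it might arrive in a form field, header or cookie.
SAMPLE_INPUT = "127.0.0.1; echo INJECTED"


def lookup_vulnerable(host: str) -> str:
    """Vulnerable pattern: user data is concatenated into a shell string."""
    # /bin/sh parses the whole string, so ';' in host starts a second command.
    # Its output comes back to the caller (the result-based case).
    cmd = "echo lookup " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_no_shell(host: str) -> str:
    """Argument-vector form: no shell is involved, host is one literal argument."""
    argv = ["echo", "lookup", host]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def lookup_hardened(host: str) -> str:
    """Allow-list validation first, then the argument-vector call."""
    try:
        addr = ipaddress.ip_address(host.strip())  # only a literal IPv4/IPv6 address
    except ValueError:
        raise ValueError("rejected: input is not an IP address") from None
    return lookup_no_shell(str(addr))


if __name__ == "__main__":
    print("vulnerable:", repr(lookup_vulnerable(SAMPLE_INPUT)))
    print("no shell:  ", repr(lookup_no_shell(SAMPLE_INPUT)))
    try:
        lookup_hardened(SAMPLE_INPUT)
    except ValueError as exc:
        print("hardened:  ", exc)
    print("hardened:  ", repr(lookup_hardened("127.0.0.1")))
```

The vulnerable function returns two lines of output for the sample input, the second produced by a command the application never intended to run; the other two functions either treat the same bytes as inert text or refuse them.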