Shell injection
As the name suggests, shell injection (also called command injection) allows an attacker to inject malicious commands into a system shell such as bash. Web applications, too, often invoke command-line programs for convenience or for functionality that is not available in a library, and such programs are typically launched through a shell, which parses the command string before running it.
For example, if you want to show all the details of a file whose name is given by the user, a naïve implementation would be as follows:
import os

# Vulnerable: the user-supplied filename is pasted into a string that /bin/sh parses
os.system("ls -l {}".format(filename))
An attacker can enter the filename as manage.py; rm -rf * and delete all the files in your directory: the shell treats the semicolon as a command separator, so rm -rf * runs as a second command with the web server's privileges. In general, it is not advisable to use os.system. The subprocess module is a safer alternative, provided you pass the command as a list of arguments and leave shell=False (the default), so that the filename reaches the program as a single argument and is never parsed by a shell; subprocess with shell=True has exactly the same problem as os.system. Better still, avoid spawning a process at all and use os.stat() to get the file's attributes.
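The following is an added example, not code from the book, that runs the naïve pattern and its hardened forms side by side. It uses a constructed attacker payload, manage.py; touch PWNED, which leaves a marker file instead of deleting anything, and stands in os.system() with subprocess.run(..., shell=True) (both hand the string to /bin/sh -c) so that the result can be captured. The marker file name and the temporary directory are assumptions of the example.

```python
import os
import shlex
import subprocess
import tempfile

# Constructed attacker input: a benign stand-in for "manage.py; rm -rf *".
# It leaves a marker file instead of deleting anything (assumption of this example).
PAYLOAD = "manage.py; touch PWNED"
MARKER = "PWNED"


def _marker_present(cwd):
    return os.path.exists(os.path.join(cwd, MARKER))


def run_naive(filename, cwd):
    """The pattern from the text: os.system("ls -l {}".format(filename)).

    os.system() passes the string to /bin/sh -c, which splits on ';'.
    subprocess.run(..., shell=True) does the same thing and lets us capture
    output, so it stands in for os.system() here.  Returns True if the
    injected second command ran.
    """
    cmd = "ls -l {}".format(filename)
    subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True, text=True)
    return _marker_present(cwd)


def run_hardened(filename, cwd):
    """argv list, shell=False (the default): the filename is one argument and
    no shell ever parses it.  '--' ends option parsing so a name like '-la'
    cannot be read as flags either.  Returns (marker_present, ls_returncode)."""
    result = subprocess.run(["ls", "-l", "--", filename], cwd=cwd,
                            capture_output=True, text=True)
    return _marker_present(cwd), result.returncode


def run_quoted(filename, cwd):
    """If a shell is genuinely required, quote every untrusted argument with
    shlex.quote() so the shell sees a single word.  Second-best option."""
    cmd = "ls -l -- {}".format(shlex.quote(filename))
    subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True, text=True)
    return _marker_present(cwd)


def file_details(path):
    """Best option for this task: no subprocess at all, os.stat() answers directly."""
    st = os.stat(path)
    return {"size": st.st_size, "mode": oct(st.st_mode & 0o777)}


def _fresh_dir_with_file(root):
    d = tempfile.mkdtemp(dir=root)
    with open(os.path.join(d, "manage.py"), "w") as f:
        f.write("print('hello')\n")
    return d


def demo():
    """Run each variant in its own directory so the marker file cannot leak between them."""
    with tempfile.TemporaryDirectory() as root:
        naive_pwned = run_naive(PAYLOAD, _fresh_dir_with_file(root))
        hard_dir = _fresh_dir_with_file(root)
        hardened_pwned, hardened_rc = run_hardened(PAYLOAD, hard_dir)
        quoted_pwned = run_quoted(PAYLOAD, _fresh_dir_with_file(root))
        details = file_details(os.path.join(hard_dir, "manage.py"))
    return {
        "naive_pwned": naive_pwned,        # True: the injected command ran
        "hardened_pwned": hardened_pwned,  # False: ls simply reports "No such file"
        "hardened_rc": hardened_rc,        # non-zero, the odd filename does not exist
        "quoted_pwned": quoted_pwned,      # False
        "details": details,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Note that the hardened variant is not "sanitising" anything: it changes the data path so that the shell never sees the untrusted string. Filtering out semicolons would still leave &&, ||, |, backticks and $( ) as separators, which is why argument lists beat blacklists.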
Since a shell interprets both the command line and environment variables (for example PATH, which decides which binary a bare command name resolves to), an attacker who can set malicious values in either may be able to execute arbitrary system commands.
How Django helps
Django primarily depends on WSGI for deployment. Since WSGI, unlike CGI, does not...