pk.org: CS 419/Lecture Notes

Command Injection

Terms and concepts you should know

Paul Krzyzanowski – March 23, 2025
  • Integer overflow & underflow
  • Casting differnt types of ints
  • Command injection
  • Escaping characters
  • Parameterized queries
  • system, popen
  • Python subprocess
  • Python compile, eval, exec
  • String formatting attacks
  • PATH environment variable
  • Function interposition
  • LD_PRELOAD environment variable
  • Assumptions about open files
  • Problems with obscurity
  • Path traversal vulnerabilities
  • Unicode problems
  • TOCTTOU attacks
  • Problems with temp file creation