[Owasp-topten] [Owasp-testing] Fwd: Query about command injection

Pranav Venkat venkatsiva1994 at gmail.com
Thu Feb 9 11:46:55 UTC 2017


Hi Ismael,

The command runs in the dedicated docker (cloudshell) which is provided by
Google, so this doesn't directly affect Google data; it just affects
particular user data (e.g. appengine files).

Since it is affecting particular client data, I termed it as client side
command injection.

Do let me know if you have queries,

Thanks,

On Thu, Feb 9, 2017 at 4:51 PM, Ismael Rocha <ismaelrocha.projetos at gmail.com> wrote:

> So, congrats on finding the issue.
>
> Reading quickly it seems to be a regular command injection. At the end
> of the day, this needs to run at the backend, right?
>
> Ismael Goncalves
> https://sharingsec.blogspot.com
>
> On Thu, Feb 9, 2017 at 3:45 AM, Pranav Venkat <venkatsiva1994 at gmail.com>
> wrote:
> > Hi Team,
> >
> > By March 2016 I found a command injection in Google cloud. I termed it as
> > 'client side command injection' due to application behavior itself.
> >
> > Please check this link
> > www.pranav-venkat.com/2016/03/command-injection-which-got-me-6000.html
> >
> > and let me know if we can include it under command injection category
> > (sub-category)
> >
> >
> > Thanks and regards,
> > --
> > Venkatesh S
> > @pranavvenkats
> > skype - venkat19942010
> > http://www.pranav-venkat.com
> >
>
>
>
> --
> Ismael Gonçalves
>



-- 
Venkatesh S
@pranavvenkats
skype - venkat19942010
http://www.pranav-venkat.com