I observed that my system is vulnerable to remote OS command injector attack. What would be the impact of Remote OS command injector attack?
Asked
Active
Viewed 84 times
-4
-
What user runs the injected process? Is your system connected to other systems? – anon May 28 '17 at 16:06
-
It is a web application. – user233558 May 28 '17 at 16:17
-
Where is it? :) – Fis May 28 '17 at 17:55
1 Answers
2
If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore.
The question pretty much answeres itself: The attack can run code on your machine allowing him to run any malware. There are a few boundaries for hackers like the size of the code to be executed or the privileges to malware is run with, however, hackers have overcome this problems with various techniques like small "loaders" which make space for a bigger malware to come and then download it or exploits to bypass privilege restrictions etc.
To make use of the quote above, being able to run a program without restrictions can lead to pretty much everything from stealing your passwords and banking information to holding your PC ransom or destroying it.
VincBreaker
- 881
- 1
- 6
- 13
-
Thank you for the explanation. Between my question is, what would be the potential impact in such exploit? – user233558 May 28 '17 at 16:18
-
The impact would be a (potential full) compromise of your maschine, so it's not your maschine anymore (see my edit) – VincBreaker May 28 '17 at 16:20
-
3And full compromise of the machine might not be the worst thing which could happen. If the machine is inside a trusted local network it can be used to mount attacks against the other machines in the network. Also, sensitive data could be exfiltrated, the machine could be used to deliver spam or to mount DOS attacks against other systems. – Steffen Ullrich May 28 '17 at 16:45