Shritam Bhowmick Explains Shell Injection v/s Remote Code Execution v/s Code Injection – Yes, they are Different!

Shell Injection v/s Remote Code Execution v/s Code Injection

By Shritam Bhowmick
Web Application Penetration Tester

The Bare Beginning

I promised to deliver yet another quality content on my blog and as promised after this particular post, my true intentions were to go ahead with posting something deep on HTTP Parameter Pollution. Looking at the awareness level (read the comments for a deep approach insight on application security!) of incoming proclaimed security researchers or bug hunters, I recently decided to make my point across and let the info-sec community know the real concepts behind Application Injection vulnerabilities. This post is focused to switch off the ego gap and provide a platform for others to realize core concepts and the necessity of such concepts to be applicable to adaptive application penetration testing!

I quickly realized the core necessity of a distinguished vulnerability levels according to their categorization and be real technical about the application security issue, most focused primarily on this post on Injection level web vulnerabilities which are very common if dug enough into. On a recent conversation with many of ‘elite’ bug hunters, I noticed, there is a huge gap on the technical consciousness level they possess and likely end up only getting T-shirts for the sake of name on Hall of fame (No pun intended!). Money would encircle you girls, knowledge will encircle you girls, cars, super-bikes and alike!

Continue reading