Working of Commix
Commix tool comes with different modules installed within it which lets its user find out vulnerability in the target application. Commix attack on target URL using data strings or HTTP header or cookies also on authentication parameters. In commix, users can find different enumeration options. By using commix user can perform two types of command injection. The first is the result-based command injection technique and the second is the blind command injection technique.
Result Based Command Injection: RBCI or Result Based Command Injection technique is a type of command injection technique in which all commands that the attacker fires in a web application will reflect back to the attacker.
Blind Command Injection Technique: BCIT is a command injection technique where the attacker has not received any reflection back from the browser.
Commix – OS Command Injection and Exploitation Tool
In terms of security, we also refer to command injection as shell injection and operating system injection. Command injection lies in the OWASP top 10 every year. Command injection is a hacking technique in which hackers execute commands in the host operating system through vulnerable web applications after scanning. This attack can be possible if a web application is sending user data to its system shell through some connectivity. This user data can be of any type which can be HTTP headers or cookies or forms etc. The history of command injection is very interesting because command injection was accidentally discovered by a programmer in Norway in mid-1997. The command injection vulnerability gave rise to another new type of command injection which is SQL command injection.