• Command injection is an attack method in which an attacker alters the contents of the web page by entering HTML code into the input mechanism, after identifying the form fields that lack valid input constraints

Insecure Code

  • In the code, attackers can execute multiple commands separated by two ampersands by passing a string such as "&& del c://dbms\\*.*"

Secure Code

  • The code snippet uses whitelisting (an allowlist of permitted input values) to prevent command injection
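The insecure and secure patterns described above, side by side, as an added example that is not part of the original page. The scenario is constructed: a service takes a database name from the user and hands it to a command-line tool. The harmless `echo` program stands in for the real tool so the example runs offline; the function names, the allowlist of database names and the pattern `DB_NAME_PATTERN` are assumptions made here for illustration.

```python
import re
import subprocess

# Constructed allowlist: the only database names the service may operate on.
ALLOWED_DB_NAMES = {"orders", "inventory", "customers"}

# Defence in depth: even an allowlisted value must also match a strict
# character pattern (letters, digits, underscore; no shell metacharacters).
DB_NAME_PATTERN = re.compile(r"^[a-z][a-z0-9_]{0,31}$")

# "echo" stands in for the real command-line tool so the example is harmless.
TOOL = "echo"


def is_allowed_db_name(db_name: str) -> bool:
    """Allowlist check: True only for a known name in the safe character set."""
    return bool(DB_NAME_PATTERN.match(db_name)) and db_name in ALLOWED_DB_NAMES


def run_insecure(db_name: str) -> str:
    """Vulnerable pattern: untrusted input concatenated into one shell string.

    With shell=True the string is parsed by /bin/sh, so a value containing
    '&&' ends the intended command and starts a second one chosen by the
    caller. This mirrors the '&&' problem the page describes.
    """
    command = TOOL + " --db " + db_name
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


def run_argv_no_validation(db_name: str) -> str:
    """Partial fix: pass arguments as a list, so no shell parses them.

    Metacharacters are delivered to the tool as literal text in a single
    argument; nothing is executed. Input is still not validated, so the tool
    itself may still receive garbage, which is why the allowlist is needed too.
    """
    result = subprocess.run([TOOL, "--db", db_name], capture_output=True, text=True)
    return result.stdout


def run_secure(db_name: str) -> str:
    """Hardened pattern: allowlist validation first, then argv form, no shell.

    Raises ValueError for anything not on the allowlist, so the '&&' payload
    never reaches any command interpreter.
    """
    if not is_allowed_db_name(db_name):
        raise ValueError("database name not permitted: %r" % db_name)
    result = subprocess.run([TOOL, "--db", db_name], capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    payload = "orders && echo INJECTED"  # constructed test input using '&&'
    print("insecure :", repr(run_insecure(payload)))        # second command ran
    print("argv only:", repr(run_argv_no_validation(payload)))  # '&&' inert
    try:
        run_secure(payload)
    except ValueError as exc:
        print("secure   : rejected ->", exc)
    print("secure   :", repr(run_secure("orders")))
```

The three functions show the progression a reviewer looks for: the shell-string form executes whatever follows `&&`; the argv form makes the metacharacters inert because no shell ever parses them; the allowlist on top rejects the input outright, which is the control the page's secure snippet relies on. In a real service, log the rejected values from `run_secure` so attempted injections are visible to detection.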