What is Command Injection?
Example:
An ls command injection that lists the files and directories in a directory
How to detect command injection?
SOC168 — Whoami Command Detected in Request Body
Here is the generated alert:
Let’s check the source IP address:
This IP address was flagged as malicious, and attackers have used it to carry out many attacks.
Let’s look into Log Management:
Playbook Answers: