Detecting OS command injection

Command injection is another input validation error, one that results in direct interaction with the operating system. It usually arises because the application uses a function such as exec(), execve(), or system().
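To make the root cause concrete, the following added example (not code from the book) runs the same untrusted string through a shell-parsed command line and through execve() with an argument vector and no shell, then compares how many lines each prints. Assumptions: `/bin/echo` stands in for whatever command a real application would run, the function names are hypothetical, and popen() is used in place of system() only so the output can be captured; both hand the string to `/bin/sh`.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Count newline-terminated lines on a stream. */
static int count_lines(FILE *fp) {
    int c, n = 0;
    while ((c = fgetc(fp)) != EOF) if (c == '\n') n++;
    return n;
}

/* VULNERABLE pattern: input is pasted into a string that /bin/sh parses,
 * so shell metacharacters in `name` become syntax, not data. */
int lines_via_shell(const char *name) {
    char cmd[256];
    if (snprintf(cmd, sizeof cmd, "echo %s", name) >= (int)sizeof cmd) return -1;
    FILE *fp = popen(cmd, "r");           /* runs: /bin/sh -c "<cmd>" */
    if (!fp) return -1;
    int n = count_lines(fp);
    pclose(fp);
    return n;
}

/* HARDENED pattern: no shell is involved. execve() receives `name` as a
 * single argv entry, so it stays one literal argument. */
int lines_via_execve(const char *name) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe */
        char *argv[] = {"echo", (char *)name, NULL};
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execve("/bin/echo", argv, (char *[]){NULL});
        _exit(127);                       /* only reached if execve fails */
    }
    close(fds[1]);
    FILE *fp = fdopen(fds[0], "r");
    int n = fp ? count_lines(fp) : -1;
    if (fp) fclose(fp); else close(fds[0]);
    waitpid(pid, NULL, 0);
    return n;
}

int main(void) {
    const char *in = "alice; echo second";   /* constructed sample input */
    printf("shell=%d execve=%d\n", lines_via_shell(in), lines_via_execve(in));
    return 0;
}
```

A differing line count between the two paths shows that the shell treated part of the input as a second command, which is the condition a code review should look for wherever input reaches these calls.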

Like SQL injection and the other vulnerabilities described in this chapter, OS command injection can be detected with the scanner method by following similar steps, so here we describe how to detect this vulnerability manually.
