Home / Hacking Glossary / Command Injection

Command Injection

A vulnerability where an attacker can execute arbitrary operating system commands on a server through a vulnerable application input.

vulnerability web
Practice Challenges 1 category
Web Exploitation
View challenges
Related Labs 1 lab
Filter

Filter

Easy Local File Inclusion

Your mission is to bypass restrictive filters and exploit Local File Inclusion (LFI) vulnerabilities. But that's not all???use your skills to escalate into Command Injection. Can you manipulate the input and take full control?

PRO
View all labs →
Active CTF Events 3

SecurityBoat Community CTF Event 2026

Jan 4 - Jan 4, 2026 · 100 players

Bsides Agra CTF 2025

Dec 6 - Dec 7, 2025 · 100 players

Bsides Vizag CTF 2025

Dec 5 - Dec 6, 2025
View all events →
Related Terms 12
Cross-Site Request Forgery (CSRF) Cross-Site Scripting (XSS) Directory Traversal IDOR (Insecure Direct Object Reference) LFI (Local File Inclusion) Open Redirect RFI (Remote File Inclusion) SQL Injection (SQLi) SSRF (Server-Side Request Forgery) SSTI (Server-Side Template Injection) XML External Entity (XXE) XPath Injection

Ready to learn Command Injection hands-on?

Put theory into practice with real hacking labs, CTF challenges, and guided courses on Parrot CTFs Events.

Get Started Free