Command injection is likely the most dangerous of all known web application attack vectors. Most attackers seek to exploit vulnerabilities in the hope that they will ultimately find a way to execute arbitrary commands on the underlying operating system. Command-execution vulnerabilities provide that capability without any additional steps. In this recipe, we will discuss how to write a custom script for validating remote code-execution vulnerabilities 
with ICMP traffic.
Validating command-injection vulnerabilities with ICMP traffic
Getting ready
To perform command-injection testing against a target using ICMP echo request confirmation, you will need to have a remote system that is running one or more web applications that are vulnerable to command injection...