...
A less likely, though more pernicious, form of OS command injection is portrayed in this noncompliant example. The program spawns a shell (*nix) or a command prompt (Windows) and allows arguments to be passed to external programs. Sometimes the shell or prompt is used only to set an environment variable to a user-defined value. The programName string is expected to hold the program's name as well as its arguments. An adversary can terminate the command with a command separator (such as `&&` or `||`), or cause the program's output to be piped to a sensitive file in order to cause a denial of service (when the program is privileged), or, worse, redirect sensitive output to a non-sensitive location.
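As an added illustration, not code from the original page, the following Python shows the noncompliant pattern described above beside a hardened form that never invokes a shell; the allow-list contents and the environment-override handling are assumptions of this example.

```python
import os
import re
import shlex
import subprocess
from typing import Optional

# Added example, not code from the original page. The noncompliant pattern:
# the whole user-controlled string, program name plus arguments, is handed to
# the platform shell, so separators such as && or || in it are interpreted by
# the shell rather than passed to the program.
def run_noncompliant(program_name: str) -> subprocess.CompletedProcess:
    return subprocess.run(program_name, shell=True, capture_output=True, text=True)

# Hardened form: no shell at all. The program must be on a hypothetical
# allow-list, arguments are tokenized without shell interpretation and must be
# free of shell metacharacters, and environment values are set through env=
# instead of a shell assignment.
ALLOWED_PROGRAMS = {"ls", "dir", "whoami"}          # hypothetical allow-list
_METACHARS = re.compile(r"[&|;<>`$(){}\n\r]")

def build_argv(program_name: str) -> list:
    """Return an argv list, or raise ValueError if the command is not permitted."""
    tokens = shlex.split(program_name)              # tokenizes only, never executes
    if not tokens:
        raise ValueError("empty command")
    prog, *args = tokens
    if prog not in ALLOWED_PROGRAMS:
        raise ValueError(f"program not permitted: {prog!r}")
    for arg in args:
        if _METACHARS.search(arg):
            raise ValueError(f"shell metacharacter in argument: {arg!r}")
    return [prog, *args]

def is_safe_command(program_name: str) -> bool:
    try:
        build_argv(program_name)
        return True
    except ValueError:
        return False

def run_compliant(program_name: str, env_overrides: Optional[dict] = None) -> subprocess.CompletedProcess:
    env = {**os.environ, **(env_overrides or {})}  # set variables without a shell
    return subprocess.run(build_argv(program_name), shell=False, env=env,
                          capture_output=True, text=True)

if __name__ == "__main__":
    for cmd in ("ls -l", "ls && whoami", "dir > secrets.txt", 'ls "a;b"'):
        print(f"{cmd!r:24} -> {'accepted' if is_safe_command(cmd) else 'rejected'}")
```

Because the argv list is passed directly to the process, a separator or redirection operator that survives tokenization arrives as a literal argument rather than being interpreted, and the metacharacter check rejects it before execution anyway.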
...