Hi,
This post is regarding OS Injection.
Injection always possible on user input field only. In OS injection first, we need to determine the Operating System (OS) on which the server running.
Extreme vulnerable node application is available at Github https://github.com/vegabird/xvna and you can download it and test in your localhost.
We need to sanitize or ban the input which could cause the vulnerability to occur, those are as follows