Command Injection
Injection Operators
Injection Operator | Injection Character | URL-Encoded Character | Executed Command |
Semicolon |
|
| Both |
New Line |
| Both | |
Background |
|
| Both (second output generally shown first) |
Pipe |
|
| Both (only second output is shown) |
AND |
|
| Both (only if first succeeds) |
OR |
|
| Second (only if first fails) |
Sub-Shell |
|
| Both (Linux-only) |
Sub-Shell |
|
| Both (Linux-only) |
Linux
Filtered Character Bypass
Code | Description |
---|---|
| Can be used to view all environment variables |
Spaces | |
| Using tabs instead of spaces |
| Will be replaced with a space and a tab. Cannot be used in sub-shells (i.e. |
| Commas will be replaced with spaces |
Other Characters | |
| Will be replaced with |
| Will be replaced with |
| Shift character by one ( |
Blacklisted Command Bypass
Code | Description |
---|---|
Character Insertion | |
| Total must be even |
| Linux only |
Case Manipulation | |
| Execute command regardless of cases |
| Another variation of the technique |
Reversed Commands | |
| Reverse a string |
| Execute reversed command |
Encoded Commands | |
| Encode a string with base64 |
| Execute b64 encoded string |
Windows
Filtered Character Bypass
Code | Description |
---|---|
| Can be used to view all environment variables - (PowerShell) |
Spaces | |
| Using tabs instead of spaces |
| Will be replaced with a space - (CMD) |
| Will be replaced with a space - (PowerShell) |
Other Characters | |
| Will be replaced with |
| Will be replaced with |
Blacklisted Command Bypass
Code | Description |
---|---|
Character Insertion | |
| Total must be even |
| Windows only (CMD) |
Case Manipulation | |
| Simply send the character with odd cases |
Reversed Commands | |
| Reverse a string |
| Execute reversed command |
Encoded Commands | |
| Encode a string with base64 |
| Execute b64 encoded string |
Last updated