Command Injection Testing
| Parameter | Objective |
|---|---|
| | What is the system output from using help menu commands? |
| | Unix only; run echo after initial command |
| | Perl-specific injection to open files |
| | Run command if the initial command returns non-zero as the exit status |
| | Run initial command as background task and run next task immediately |
| | Run if the initial command returns zero as the exit status |
| | Unix only; Bash command execution |
| | Unix only; using generic process substitution |
| | Unix only; using process substitution |
Identifying Blacklisted Characters
Check in Burp with each command injection operator.
Bypassing Space Filters
Bypassing Other Blacklisted Characters (Linux)
Bypassing Other Blacklisted Characters (Windows)
Bypassing Blacklisted Commands (Linux)