Command Injection - TairinySimeonato/WebAuditing GitHub Wiki
|| , && and ; → ways to break out of the intended command in a command injection, by executing commands in sequence in Linux.
- && → only executes the 2nd command if the 1st is TRUE
- || → only executes the 2nd command if the 1st is FALSE
- ; → executes the 2nd command whether the 1st is true or false. It doesn't depend on the outcome of the 1st command.

There were other examples:
- | → passes the output of the 1st command to the 2nd command as its input
- & → runs the command as a background process
- $() → runs a command like a function call and returns the result of that command. It is called command substitution and it invokes a subshell.
- # → makes a comment, and everything after it will not matter
cmd
$_POST['example']
$_GET["example"]
$_REQUEST["example"]
$_COOKIE["example"]
$_SERVER['example'] // example: HTTP_USER_AGENT, if it starts with HTTP_ it is controlled by the user
$_FILES
exec - Returns the last line of the command's output
passthru - Passes the command's output directly to the browser
system - Passes the command's output directly to the browser and returns the last line
shell_exec - Returns the command's output
`` (backticks) - Same as shell_exec()
popen - Opens a read or write pipe to the process of a command
proc_open - Similar to popen() but with a greater degree of control
pcntl_exec - Executes a program
escapeshellarg() and escapeshellcmd() - can help harden calls to functions such as exec(), shell_exec(), passthru() and system().
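
An added example (not from the wiki) that puts the notes above together: the same shell_exec() call with the input concatenated directly, quoted with escapeshellarg(), and validated before quoting. The function names, the `echo lookup` stand-in command and the sample inputs are assumptions constructed for illustration, and a Unix shell is assumed.

```php
<?php
// Constructed inputs, one per operator listed above; "echo INJECTED" is a harmless marker.
$samples = [
    'example.com',
    'example.com; echo INJECTED',
    'example.com && echo INJECTED',
    'example.com || echo INJECTED',   // echo succeeds, so || does not fire
    'example.com | echo INJECTED',
    'example.com $(echo INJECTED)',
    'example.com # trailing text',
];

// Vulnerable pattern: user input is concatenated straight into the command line.
function run_unsafe(string $host): string
{
    return trim((string) shell_exec('echo lookup ' . $host));
}

// Hardened pattern: escapeshellarg() single-quotes the value, so the shell
// hands it to the program as one literal argument and the operators lose meaning.
function run_quoted(string $host): string
{
    return trim((string) shell_exec('echo lookup ' . escapeshellarg($host)));
}

// Stricter: reject anything that is not a plain host name before quoting.
function run_validated(string $host): string
{
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9.-]{0,252}\z/', $host)) {
        return 'rejected';
    }
    return run_quoted($host);
}

foreach ($samples as $s) {
    printf("input    : %s\n", $s);
    printf("unsafe   : %s\n", str_replace("\n", ' / ', run_unsafe($s)));
    printf("quoted   : %s\n", run_quoted($s));
    printf("validated: %s\n\n", run_validated($s));
}
```

In the unsafe rows the marker appears as a separate command's output; in the quoted rows the whole input is echoed back unchanged, and the validated rows reject everything except the plain host name.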