and not hackers.
Sorry that was a lame joke ☹Okay lets find out what makes an application vulnerable to command injection.
It happens when application passes unsafe data to a system shell in form of forms, cookies, headers etcAnd now let’s see how to perform command injection attacks.
For reference we will be using a code snippet from OWASP.
This code executes the command “cat” used to print content of a file and normally with reference to this code the output will beNow an attacker may put a semicolon and a command after it and it will be executed with ease.
For example if i put a command ls after putting semicolon and a command to end of this line then output will beAnd that’s how command injection works ☺Now we are done with code injection and command injection so now comes the turn of POC’s and Writeup’s and as i believe in quality over quantity so i will include only those which i find helpful and informational.
Write up’s and POC’shttps://www.
html?view=sidebarSo go ahead and read them all.
They contain plethorea of information.
Last but not the least we are ended up with tools some tools which i found helpful areToolshttps://github.
com/commixproject/commixalso check out this payloads list as well https://github.
com/swisskyrepo/PayloadsAllTheThings/tree/master/Remote%20commands%20executionAnd at last thankyou so much for reading guys i hope you liked it i will meet you next time with more awesome content and stories till then have a safe hack.
php/Command_Injection.. More details