Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update README.md

Browse source 
Prefer ${IFS} to $IFS when doing filter bypass without space as $IFS does not work as a separator for certain commands.
This commit is contained in:
the-pythonist 2023-10-12 14:51:23 +02:00 committed by GitHub
parent eebea7cb4d
commit 82c3cd92d1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
Command Injection/README.md
View file

@ -113,9 +113,10 @@ command1 | command2 # Pipe the output of command1 into command2
### Bypass without space
* `$IFS` is a special shell variable called the Internal Field Separator. By default, in many shells, it contains whitespace characters (space, tab, newline). When used in a command, the shell will interpret `$IFS` as a space.
* `$IFS` is a special shell variable called the Internal Field Separator. By default, in many shells, it contains whitespace characters (space, tab, newline). When used in a command, the shell will interpret `$IFS` as a space. `$IFS` does not directly work as a seperator in commands like `ls`, `wget`; use `${IFS}` instead.
```powershell
cat$IFS/etc/passwd
cat${IFS}/etc/passwd
ls${IFS}-la
```
* In some shells, brace expansion generates arbitrary strings. When executed, the shell will treat the items inside the braces as separate commands or arguments.
```powershell