OS Cmd Injection
Using separators to inject commands
Feedback injection in mail
Output redirection
If OS command injection is identified and a filter is in place preventing complex command injection, attempt to redirect output to a writable folder. Identify a path traversal vulnerability that allows reading of files only in the current web app.
Identify the working directory using the pwd command with its output redirected, appending the stdout of every bash command to the output.txt file.
Get the output data
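The fix for the feedback-form case above, as an added example that is not code from the original page: the handler validates the address and passes an argv list with no shell, so separators and redirection in user input stay literal text. The names send_feedback, flag_shell_meta and FAKE_MAILER, and the address allowlist, are assumptions; FAKE_MAILER is a stand-in that only echoes its arguments.

```python
import re
import subprocess
import sys

# Assumed address allowlist: the first character must be alphanumeric so the
# value can never be parsed as an option; no whitespace or shell metacharacters.
EMAIL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# Separator, substitution and redirection characters worth logging.
SHELL_META_RE = re.compile(r"[;&|`$<>(){}\\\n\r]")

# Hypothetical stand-in for the real mail binary: echoes the arguments it gets.
FAKE_MAILER = [sys.executable, "-c", "import sys; print('|'.join(sys.argv[1:]))"]


def flag_shell_meta(value):
    """Return the shell metacharacters present in value, for logging/alerting."""
    return sorted(set(SHELL_META_RE.findall(value)))


def send_feedback(email, subject):
    """Hardened call: validate the address, then run an argv list without a shell."""
    if not EMAIL_RE.fullmatch(email):
        raise ValueError(f"email rejected, metacharacters seen: {flag_shell_meta(email)}")
    # No shell=True and no string concatenation: each element is one argument,
    # so ';', '|', '>' and friends in subject are never interpreted.
    argv = FAKE_MAILER + ["-s", subject, email]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.strip()


if __name__ == "__main__":
    # Constructed inputs: the subject carries a separator and a redirection.
    print(send_feedback("user@example.com", "hi; pwd > output.txt"))
    print(flag_shell_meta("user@example.com; pwd > output.txt"))
```
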