🟩OS Command Injection
OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its data.
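The definition above, as an added example that is not part of the original page: a handler that pastes user input into a shell command line, beside a hardened form that avoids the shell and validates the input. The function names, the `stock-for` output and the sample input are constructed for illustration, and the code assumes a POSIX system with `sh` and `echo` available.

```python
import re
import subprocess

# Allowlist for the only input shape this (hypothetical) feature needs.
PRODUCT_ID = re.compile(r"[0-9]{1,8}")


def check_stock_vulnerable(product_id: str) -> str:
    """Before: input is concatenated into a string that /bin/sh parses,
    so shell metacharacters in product_id start additional commands."""
    result = subprocess.run("echo stock-for " + product_id, shell=True,
                            capture_output=True, text=True)
    return result.stdout


def check_stock_no_shell(product_id: str) -> str:
    """Step 1: pass an argument vector. No shell parses the input, so
    metacharacters reach the program as literal bytes of one argument."""
    result = subprocess.run(["echo", "stock-for", product_id],
                            capture_output=True, text=True, check=True)
    return result.stdout


def check_stock_hardened(product_id: str) -> str:
    """Step 2: validate against the allowlist as well. This also blocks
    argument injection (values starting with '-') that step 1 alone allows."""
    if not PRODUCT_ID.fullmatch(product_id):
        raise ValueError("invalid product id")
    return check_stock_no_shell(product_id)


if __name__ == "__main__":
    sample = "42; echo INJECTED"  # constructed input with a command separator
    print("vulnerable:", repr(check_stock_vulnerable(sample)))
    print("no shell:  ", repr(check_stock_no_shell(sample)))
    try:
        check_stock_hardened(sample)
    except ValueError as exc:
        print("hardened:   rejected,", exc)
```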
Useful commands
Purpose of command | Linux | Windows |
---|---|---|
Name of current user | whoami | whoami |
Operating system | uname -a | ver |
Network configuration | ifconfig -a | ipconfig /all |
Network connections | netstat -tunl | netstat -an |
Running processes | ps -ef | tasklist |
Blind OS command injection
Method | Command |
---|---|
Time delays | |
Redirecting output | |
Out-Of-Band (OOB) DNS lookup | You can use Burp Collaborator |
Useful meta characters