killchain-compendium/exploit/web/command_injection.md

344 B

Command Injection

  • Blind injection
  • Verbose injection

Blind Injection

  • Check via ping, open a tcpdump on ICMP to listen for packets
  • Redirect to logfile and read
  • Use sleep or timeout to check if ci is possible in general

Functions

  • Watch out for
    • eval()
    • exec()
    • passthru()
    • system()