killchain-compendium/exploit/web/command_injection.md

Command Injection

• Blind injection
• Verbose injection

Blind Injection

• Check via ping, open a tcpdump on ICMP to listen for packets
• Redirect to logfile and read
• Use sleep or timeout to check if ci is possible in general

Functions

• Watch out for
  • eval()
  • exec()
  • passthru()
  • system()