whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
killchain-compendium/exploit/web/command_injection.md

20 lines
344 B
Markdown
Raw Blame History

# Command Injection
* Blind injection
* Verbose injection
## Blind Injection
* Check via ping, open a `tcpdump` on ICMP to listen for packets
* Redirect to logfile and read
* Use `sleep` or `timeout` to check if ci is possible in general
## Functions
* Watch out for
* `eval()`
* `exec()`
* `passthru()`
* `system()`
Reference in New Issue View Git Blame Copy Permalink