mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00

Files

T

copilot-swe-agent[bot] 0a48c19312 Add NoSQL, CSV, File Upload vulnerabilities and enhance Command Injection

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-04 19:45:07 +00:00

command-injection-payloads.txt

Add NoSQL, CSV, File Upload vulnerabilities and enhance Command Injection

2026-01-04 19:45:07 +00:00

README.md

Restructure repository: Remove OWASP categorization, organize by vulnerability type

2026-01-04 19:01:04 +00:00

README.md

Command Injection

Description

Command injection is a cyber attack that involves executing arbitrary commands on a host operating system. This vulnerability occurs when an application passes unsafe user-supplied data to a system shell.

Common Attack Vectors

System administration interfaces
File upload functionality
Network diagnostic tools (ping, traceroute)
Backup/restore functions
Any feature that executes system commands

Testing Approach

Submit command separators and system commands in input fields to test if the application executes arbitrary commands.

Payloads

See command-injection-payloads.txt for a comprehensive list of command injection payloads.