mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
copilot-swe-agent[bot]
ba72efbc5e
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
18 lines
692 B
Markdown
18 lines
692 B
Markdown
# Command Injection
|
|
|
|
## Description
|
|
Command injection is a cyber attack that involves executing arbitrary commands on a host operating system. This vulnerability occurs when an application passes unsafe user-supplied data to a system shell.
|
|
|
|
## Common Attack Vectors
|
|
- System administration interfaces
|
|
- File upload functionality
|
|
- Network diagnostic tools (ping, traceroute)
|
|
- Backup/restore functions
|
|
- Any feature that executes system commands
|
|
|
|
## Testing Approach
|
|
Submit command separators and system commands in input fields to test if the application executes arbitrary commands.
|
|
|
|
## Payloads
|
|
See `command-injection-payloads.txt` for a comprehensive list of command injection payloads.
|