Grunt's personal blog

this is my personal blog for my hacking stuff, my degree stuff, etc

View on GitHub

Command Injection

Operators

Injections

Tipo de Inyección Operadores  
SQL Injection ’ , ; – /* */  
Command Injection ; &&  
LDAP Injection * ( ) &  
XPath Injection ’ or and not substring concat count  
OS Command Injection ; &  
Code Injection ’ ; – /* */ $() ${} #{} %{} ^  
Directory Traversal/File Path Traversal ../ ..\ %00  
Object Injection ; &  
XQuery Injection ’ ; – /* */  
Shellcode Injection \x \u %u %n  
Header Injection \n \r\n \t %0d %0a %09  

Filter evasions for command injection

Base64 encoding command injection

Tools