记录在做 burp lab 时学会的知识点。
# Executing arbitrary commands
最基础的 payload
1 |
|
2. 常用指令
1 |
|
# Detecting blind OS command injection using time delays
1 | & ping -c 10 127.0.0.1 & |
# Exploiting blind OS command injection by redirecting output
配合目录穿越使用
1 |
|
# Exploiting blind OS command injection using out-of-band (OAST) techniques
1 |
|
# Ways of injecting OS commands
- 仅 Unix 系统下使用的分隔符:
1
2
3
;
Newline (0x0a or \n)
还可以通过以下方式执行命令:1
2`injected command`
$(injected command )