search

Command Injection

system("TZ=`whoami` date")
>>>>>>>>>>>>>>>this leads to these system calls
execve("/bin/sh", ["sh", "-c", "TZ=`whoami` date"], {...})
execve("/usr/bin/whoami", ["whoami"], {...})

Backticks make the shell run the input and replace the result within the place of backticks

system("TZ=; whoami # date")
execve("/bin/sh", ["sh", "-c", "TZ=; whoami # date"], {...})
execve("/usr/bin/whoami", ["whoami"], {...})

pound # sighn makes the rest of the command comment out.

PreviousSubdomains, directories and Vhost listingNextXSS

Last updated