Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/qeeqbox/os-command-injection
A threat actor may inject arbitrary operating system (OS) commands on target
- Host: GitHub
- URL: https://github.com/qeeqbox/os-command-injection
- Owner: qeeqbox
- License: agpl-3.0
- Created: 2023-06-18T04:32:06.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-01-29T00:58:59.000Z (10 months ago)
- Last Synced: 2024-05-01T11:27:24.370Z (7 months ago)
- Topics: command, infosecsimplified, injection, os, os-command-injection, qeeqbox, vulnerability
- Homepage:
- Size: 108 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
A threat actor may inject arbitrary operating system (OS) commands on target
## Example #1
1. Threat actor crafts a malicious request to a vulnerable target
2. The target processes the malicious request and returns the result

## Code
#### Target-Logic
```php
// Vulnerable: the "ip" query parameter is concatenated into the shell command without validation
$result = exec("ping -c4 ".$_GET["ip"]);
echo($result);
```

#### Target-In
```
x 2>/dev/null || whoami
```

#### Target-Out
```
root
```

## Impact
High

## Names
- Command Injection

## Risk
- Read & write data
- Command execution

## Redemption
- Input validation

## ID
154d5db5-9614-42f9-9898-3355a7b7848f

## References
- [wiki](https://en.wikipedia.org/wiki/sql_injection)
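
A hardened form of the Target-Logic handler, showing what the "Input validation" item under Redemption can look like in practice. This is an added example, not code from the qeeqbox repository; the function names `validated_ip` and `ping_host` are hypothetical, and restricting input to IPv4 literals is an assumption.

```php
<?php
// Added example (not from the original README). Function names are
// hypothetical; accepting only IPv4 literals is an assumption.

/**
 * Allow-list check: return the input if it is a literal IPv4 address,
 * otherwise null. Anything containing spaces, |, ;, &, $ or backticks
 * cannot be a valid address, so it is rejected before a shell sees it.
 */
function validated_ip(string $input): ?string
{
    $ip = filter_var($input, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    return $ip === false ? null : $ip;
}

/**
 * Ping a validated address. Returns the output lines, or null when the
 * input was rejected and no command was run.
 */
function ping_host(string $input): ?array
{
    $ip = validated_ip($input);
    if ($ip === null) {
        return null;
    }
    // Defence in depth: quote the argument even though it passed validation.
    $cmd = 'ping -c4 ' . escapeshellarg($ip);
    $lines = [];
    exec($cmd, $lines, $status);
    return $lines;
}

// Constructed sample inputs, including the Target-In payload shown above.
$samples = ['127.0.0.1', 'x 2>/dev/null || whoami', '127.0.0.1; id'];
foreach ($samples as $s) {
    $verdict = validated_ip($s) === null ? 'rejected' : 'accepted';
    printf("%-26s %s\n", $s, $verdict);
}

// Web handler: reject invalid input, HTML-escape whatever is echoed back.
$lines = ping_host($_GET['ip'] ?? '');
echo $lines === null
    ? 'invalid IP address'
    : htmlspecialchars(implode("\n", $lines));
```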