Command Injection

Criteria

Command injection with the semicolon symbol (;) can be used ONLY on Linux. The semicolon delimits multiple commands, allowing them to be executed sequentially. On Windows, the command separator in the shell is the ampersand (&) instead of the semicolon.

ping=127.0.0.1;whoami
http://shelled.io?ping=127.0.0.1%3bwhoami

Command injection with a newline character (\n) can be used on both Windows and Linux. A newline character represents the end of a line in many programming languages and operating systems, so the shell treats what follows it as a new command.

ping=127.0.0.1\nwhoami
http://shelled.io?ping=127.0.0.1%0awhoami

Command injection with the background "&" symbol can be used on both Windows and Linux. On Linux, the "&" symbol runs a command in the background, allowing the user to continue interacting with the terminal or executing other commands while the initial command runs asynchronously. On Windows, the ampersand (&) is the shell's command separator instead of the semicolon, so the same payload works there too.

ping=127.0.0.1&whoami
http://shelled.io?ping=127.0.0.1%26whoami

Command injection with the pipe symbol (|) can be used on both Windows and Linux. The pipe symbol is used to redirect the output of one command as input to another command, allowing users to chain multiple commands together.

ping=127.0.0.1|whoami
http://shelled.io?ping=127.0.0.1%7cwhoami

Command injection with the AND "&&" operator can be used on both Windows and Linux. The "AND" operator is used to chain multiple commands together, allowing the second command to execute only if the first command returns a successful (zero) exit status.

ping=127.0.0.1&&whoami
http://shelled.io?ping=127.0.0.1%26%26whoami

Command injection with the OR "||" operator can be used on both Windows and Linux. The "OR" operator is used to chain multiple commands together, allowing the second command to execute only if the first command returns a non-successful (non-zero) exit status.

ping=127.0.0.1||whoami
http://shelled.io?ping=127.0.0.1%7c%7cwhoami

Command injection with the sub-shell "``" operator can be used ONLY on Linux. In Unix-like shells, the backtick (`) symbol indicates command substitution: the command enclosed within the backticks is executed and replaced by its output.

ping=127.0.0.1`whoami`
http://shelled.io?ping=127.0.0.1%60whoami%60

Command injection with the sub-shell "$()" operator can be used ONLY on Linux. The $() syntax executes commands within a sub-shell and captures their output. It is the more modern and preferred way of performing command substitution compared to using backticks (``).

ping=127.0.0.1$(whoami)
http://shelled.io?ping=127.0.0.1%24%28whoami%29

Space Filter Bypasses

Command injection space filter bypass with the Internal Field Separator "${IFS}" can be used ONLY on Linux. ${IFS} (Internal Field Separator) is a shell variable that determines how an input line is split into separate words. By default, the value of ${IFS} is a space, a tab, and a newline character. Because the shell expands ${IFS} to whitespace, it can stand in for a space and so bypass space filters.

ping=127.0.0.1;${IFS}whoami
http://shelled.io?ping=127.0.0.1%0a${IFS}whoami

Command injection space filter bypass with tabs "\t" can be used ONLY on Linux. Using tabs (%09) is a technique to bypass input validation and filtering mechanisms that attempt to block or sanitize space characters in user input. Spaces are commonly blocked to prevent command injection attacks; however, if the application does not account for other whitespace characters like tabs, an attacker can use tabs (%09) to separate injected commands and arguments.

ping=127.0.0.1;\twhoami
http://shelled.io?ping=127.0.0.1%0a%09whoami

Command injection space filter bypass with bash brace expansion "{ls,la}" can be used ONLY on Linux. Brace expansion is a feature in shells like Bash that allows the user to generate multiple strings by specifying patterns inside curly braces.

ping=127.0.0.1;{ls,la}
http://shelled.io?ping=127.0.0.1%0a{ls,la}
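As an added example, not part of this cheat sheet, the Python below takes a URL-encoded `ping` parameter value, reports which of the separators, substitutions and space bypasses listed above it contains together with the platforms the sheet says interpret them, and shows the positive-validation alternative (accept only a literal IP address and run without a shell) that makes such a blocklist unnecessary. The function names `find_metacharacters`, `affected_platforms` and `safe_ping_argv` are hypothetical.

```python
import ipaddress
import re
from typing import List, Optional, Set
from urllib.parse import unquote

# Metacharacters from the cheat sheet above, with the platforms whose shells
# interpret them (as stated there). Lone "&" and "|" use lookarounds so that
# "&&" and "||" are not also counted as background / pipe.
TOKENS = [
    ("and",              r"&&",                 {"linux", "windows"}),
    ("or",               r"\|\|",               {"linux", "windows"}),
    ("semicolon",        r";",                  {"linux"}),
    ("newline",          r"\n",                 {"linux", "windows"}),
    ("background",       r"(?<!&)&(?!&)",       {"linux", "windows"}),
    ("pipe",             r"(?<!\|)\|(?!\|)",    {"linux", "windows"}),
    ("backtick",         r"`",                  {"linux"}),
    ("subshell",         r"\$\(",               {"linux"}),
    ("ifs-space-bypass", r"\$\{IFS\}",          {"linux"}),
    ("tab-space-bypass", r"\t",                 {"linux"}),
    ("brace-expansion",  r"\{[^{}]*,[^{}]*\}",  {"linux"}),
]


def find_metacharacters(raw_value: str) -> List[str]:
    """Names of the tokens present in a URL-encoded query value.

    Decode first: the server percent-decodes before the application sees the
    value, so matching the raw form would miss %3b, %0a, %26, %7c, %60, %09.
    """
    value = unquote(raw_value)
    return [name for name, pattern, _ in TOKENS if re.search(pattern, value)]


def affected_platforms(raw_value: str) -> Set[str]:
    """Platforms on which at least one detected token would be interpreted."""
    found = set(find_metacharacters(raw_value))
    return set().union(*(p for name, _, p in TOKENS if name in found))


def safe_ping_argv(raw_value: str) -> Optional[List[str]]:
    """Mitigation: positive validation and an argv list instead of a blocklist.

    Only a literal IP address is accepted, and the command is built as a list
    for subprocess.run(argv) so no shell ever parses the input. None = reject.
    """
    try:
        host = str(ipaddress.ip_address(unquote(raw_value)))
    except ValueError:
        return None
    return ["ping", "-c", "1", host]
```

Feeding the sheet's own encoded payloads through `find_metacharacters` shows that every one is caught only after decoding, while `safe_ping_argv` rejects all of them and accepts a bare `127.0.0.1`.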