Skip to content

Commit

Permalink
Merge pull request #681 from the-pythonist/the-pythonist-patch-1
Browse files Browse the repository at this point in the history
Update README.md
  • Loading branch information
swisskyrepo authored Oct 15, 2023
2 parents 6c38c3c + 82c3cd9 commit c95a0a1
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions Command Injection/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -113,9 +113,10 @@ command1 | command2 # Pipe the output of command1 into command2

### Bypass without space

* `$IFS` is a special shell variable called the Internal Field Separator. By default, in many shells, it contains whitespace characters (space, tab, newline). When used in a command, the shell will interpret `$IFS` as a space.
* `$IFS` is a special shell variable called the Internal Field Separator. By default, in many shells, it contains whitespace characters (space, tab, newline). When used in a command, the shell will interpret `$IFS` as a space. `$IFS` does not directly work as a seperator in commands like `ls`, `wget`; use `${IFS}` instead.
```powershell
cat$IFS/etc/passwd
cat${IFS}/etc/passwd
ls${IFS}-la
```
* In some shells, brace expansion generates arbitrary strings. When executed, the shell will treat the items inside the braces as separate commands or arguments.
```powershell
Expand Down

0 comments on commit c95a0a1

Please sign in to comment.