Command Injection Operators:
| Injection Operator | Injection Character | URL-Encoded Character | Executed Command |
|---|---|---|---|
| Semicolon | ; |
%3b |
Both |
| New Line | \\n |
%0a |
Both |
| Background | & |
%26 |
Both (second output generally shown first) |
| Pipe | ` | ` | %7c |
| AND | && |
%26%26 |
Both (only if first succeeds) |
| OR | ` | ` | |
| Sub-Shell | ```` | %60%60 |
Both (Linux-only) |
| Sub-Shell | $() |
%24%28%29 |
Both (Linux-only) |
These are generally compatible with all OS