How can you perform OS Command Injection when single-quotes are filtered?
While attempting OS Command Injection on a url.com/?ping= parameter, I see that all single quotes ‘ are being escaped and replaced by \\’.
This is problematic because whenever you submit a value to ?ping= it’s wrapped with two single quote… Continue reading How can you perform OS Command Injection when single-quotes are filtered?