# Command Injections

To inject an additional command alongside the intended one, we may use any of the following operators:

| **Injection Operator** | **Injection Character** | **URL-Encoded Character** | **Executed Command**                       |
| ---------------------- | ----------------------- | ------------------------- | ------------------------------------------ |
| Semicolon              | `;`                     | `%3b`                     | Both                                       |
| New Line               | `\n`                    | `%0a`                     | Both                                       |
| Background             | `&`                     | `%26`                     | Both (second output generally shown first) |
| Pipe                   | `\|`                    | `%7c`                     | Both (only second output is shown)         |
| AND                    | `&&`                    | `%26%26`                  | Both (only if first succeeds)              |
| OR                     | `\|\|`                  | `%7c%7c`                  | Second (only if first fails)               |
| Sub-Shell              | ` `` `                  | `%60%60`                  | Both (Linux-only)                          |
| Sub-Shell              | `$()`                   | `%24%28%29`               | Both (Linux-only)                          |

{% hint style="info" %}
In addition to the above, there are a few Unix-only operators that work on Linux and macOS but not on Windows, such as wrapping our injected command in a pair of backticks (` `` `) or in a sub-shell operator (`$()`).
{% endhint %}

In general, for basic command injection, all of these operators can be used `regardless of the web application language, framework, or back-end server`. So, whether we are injecting into a `PHP` web application running on a `Linux` server, a `.NET` web application running on a `Windows` back-end server, or a `NodeJS` web application running on a `macOS` back-end server, our injections should work.

{% hint style="info" %}
The only exception may be the semi-colon `;`, which will not work if the command is executed with `Windows Command Line (CMD)`, but will still work if it is executed with `Windows PowerShell`.
{% endhint %}
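
From the defensive side, the operators in the table only have meaning when a shell parses the command line. The following added example (not part of the original page) runs one constructed input per operator through a shell-concatenated call and through an argv-list call, and reports whether the input stayed literal data. It assumes a POSIX `sh` and `echo` on the host; `echo` stands in for the real back-end command, and all function names are hypothetical.

```python
import ipaddress
import subprocess
from urllib.parse import unquote

# Constructed sample inputs: one per operator in the table, URL-encoded as a
# web parameter would carry them. "echo MARK" is a harmless stand-in command.
SAMPLES = {
    "semicolon": "127.0.0.1%3b echo MARK",
    "newline": "127.0.0.1%0aecho MARK",
    "background": "127.0.0.1%26 echo MARK",
    "pipe": "127.0.0.1%7c echo MARK",
    "and": "127.0.0.1%26%26 echo MARK",
    "or": "127.0.0.1%7c%7c echo MARK",
    "backticks": "127.0.0.1%60echo MARK%60",
    "subshell": "127.0.0.1%24%28echo MARK%29",
}

def lookup_shell(host: str) -> str:
    """Vulnerable pattern: input concatenated into a shell command line."""
    return subprocess.run("echo lookup: " + host, shell=True,
                          capture_output=True, text=True).stdout

def lookup_argv(host: str) -> str:
    """Hardened pattern: no shell; input is exactly one argv element."""
    return subprocess.run(["echo", "lookup:", host],
                          capture_output=True, text=True).stdout

def is_valid_host(host: str) -> bool:
    """Allow-list check: accept only a literal IP address."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def survey() -> dict:
    """Per operator: was the input kept as literal data by each pattern?"""
    results = {}
    for name, encoded in SAMPLES.items():
        host = unquote(encoded)  # what the application sees after decoding
        results[name] = {
            "shell_literal": host in lookup_shell(host),
            "argv_literal": host in lookup_argv(host),
            "passes_allow_list": is_valid_host(host),
        }
    return results

if __name__ == "__main__":
    print(*survey().items(), sep="\n")
```

Every row shows `shell_literal` as false and `argv_literal` as true: the shell interprets each operator, while the argv call passes it through as text, and the allow-list rejects all eight inputs before any command runs.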


