AppendixÂ C.Â Remote Command Execution Cheat Sheet

This table provides a handy list of techniques that can be used for remote command execution, by language.

TableÂ C-1.Â Remote Command Execution Cheat Sheet

Web Application Environment	Source Code	Additional Information
Java Servlet	class Example extends HTTPServlet { . . . void function() { Runtime r = Runtime.getRuntime(); Process p = r.exec("<command>", <arguments>); } . . . }	http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html
Java Server Pages (JSP)	<% Runtime r = Runtime.getRuntime(); Process p = r.exec("<command>", <arguments>); %>	http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html
Active Server Pages (ASP)	If Windows Scripting Host is installed on the target system: ...

Web Application Environment

Source Code

Additional Information

Java Servlet

class Example
     extends HTTPServlet
{
     .
     .
     .
     void function()
     {
Runtime r = Runtime.getRuntime();
Process p = r.exec("<command>",
<arguments>);
}
     .
     .
     .
}

http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html

Java Server Pages (JSP)

<%
     Runtime r =
Runtime.getRuntime();
     Process p =
r.exec("<command>",
<arguments>);
%>

http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html

Active Server Pages (ASP)

If Windows Scripting Host

is installed on the target

system: ...

Get Web Hacking: Attacks and Defense now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Web Hacking: Attacks and Defense by Stuart McClure, Saumil Shah, Shreeraj Shah

AppendixÂ C.Â Remote Command Execution Cheat Sheet

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly