> For the complete documentation index, see [llms.txt](https://krjaeh0.gitbook.io/j-log/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://krjaeh0.gitbook.io/j-log/security/bwapp/comminjection.md).

# comminjection

{% hint style="warning" %}
⚠ Switch to EXCALIDRAW VIEW in the MORE OPTIONS menu of this document. ⚠\
You can decompress Drawing data with the command palette: 'Decompress current Excalidraw file'. For more info check in plugin settings under 'Saving'
{% endhint %}

## Code Block

`http://192.168.56.147/?id=%22%3E%3C/a%3E%3Cscript%3Ealert(%22cmd%22)%3C/script%3E%3Ca%20href=%22`와 같은 URL 인젝션은 **XSS(크로스 사이트 스크립팅)** 공격을 위해 설계된 페이로드입니다. 여기서 `<script>alert("cmd")</script>`는 브라우저에서 실행되어 **팝업 경고창**을 띄우는 자바스크립트 코드입니다. 그러나 이 방식은 클라이언트 측에서 실행되므로 서버의 커맨드 라인에 접근할 수 없습니다.

#### 클라이언트 측 XSS와 서버 측 Command Injection의 차이점

{% stepper %}
{% step %}

### XSS (크로스 사이트 스크립팅)

* 브라우저에서 실행되는 스크립트를 통해 사용자의 세션을 탈취하거나, 다른 브라우저 리소스에 접근하는 클라이언트 측 공격입니다.
* 서버 시스템 명령어를 실행할 수 없고, 주로 사용자 정보 탈취, 악성 스크립트 삽입, 페이지 변조에 사용됩니다.
  {% endstep %}

{% step %}

### Command Injection (커맨드 인젝션)

* 서버에서 사용자의 입력을 직접 **시스템 명령어**로 실행할 수 있을 때 발생하는 서버 측 취약점입니다.
* 서버의 입력값 검증이 충분하지 않아 발생하며, 사용자가 전달한 입력이 서버의 셸 명령어로 실행됩니다.
* 이를 위해서는 서버 측 코드가 PHP의 `system()`이나 `exec()` 함수 등으로 **입력을 시스템 명령어로 실행**하도록 설정되어 있어야 합니다.
  {% endstep %}
  {% endstepper %}

#### Command Injection을 위한 서버 측 취약점이 필요

위 URL처럼 XSS 방식으로는 Command Injection을 할 수 없습니다. 서버에서 사용자의 입력을 시스템 명령어로 실행하는 취약점이 없다면, 클라이언트 측 XSS 페이로드를 통해 Command Injection을 수행할 수는 없습니다.

#### Command Injection을 테스트하려면

Command Injection을 수행하려면 서버가 `?id=<input>`에 전달된 값을 **명령어로 실행**하도록 설정된 경우를 찾아야 합니다. 예를 들어, 서버에서 PHP 코드가 다음과 같이 작성된 경우가 있을 수 있습니다.

{% code title="vulnerable.php" %}

```php
<?php
if (isset($_GET['id'])) {
    $id = $_GET['id'];
    system("ping " . $id);  // 사용자가 전달한 id가 명령어에 포함되어 실행됨
}
?>
```

{% endcode %}

이와 같은 경우에는, 다음과 같이 `id` 매개변수에 명령어를 추가하여 Command Injection을 시도할 수 있습니다.

```
http://192.168.56.147/?id=8.8.8.8; whoami
```

위 요청은 `ping 8.8.8.8; whoami` 명령어를 실행하게 되어, `ping` 명령어 뒤에 `whoami` 명령어가 추가로 실행될 수 있습니다. 그러나 이는 서버 측 코드가 위와 같은 방식으로 작성되어 있을 때만 가능합니다.

#### 결론

지금 시도한 페이로드는 XSS 공격을 위한 것이며, 서버 측 명령어 실행을 위한 취약점이 있는지와는 별개의 문제입니다. Command Injection을 테스트하려면, 서버가 입력값을 시스템 명령어로 실행하는 경우를 찾아야 합니다.

***

## Excalidraw Data

### Text Elements

id 값에 임의의 값을 넣으니 data\_dir/{넣은 값}.txt 파일을 찾아 출력한다. ^h7BqUYNa

<http://192.168.56.147/?id=1%20&&%20ls%20-al%20&&%2025> ^jF0Zf4e4

1 && sl -al && 25 > cat 1 && ls -al && 25.txt 가 될 것을 예상하고 명령어 입력 ^77y2B39V

1 이후에 입력되는 값들이 무시되었다. 원리를 분석해보자 ^SfM0lYMs

더보기 버튼에 id 변수에 저장할 다음 값이 저장되어 있다. ^Ck7Bd3Uz

?id=">alert("cmd")\<a href=" ^zLchubk3

를 넣으면 동작할까? ^pMK0og2Z

alert("cmd")[더보기](file:///2237607/security.zip/) ^Fy385gCj

의도 ^S5Jt0dSP

의도한 결과가 출력 되는 것을 확인했다. 이 방법을 이용해 원하는 스크립트를 실행 시키면 될 것 같다. ^Eifz5XwR

XSS 와 Command Injection의 차이를 제대로 이해하지 못하고 있었다. ^wCfi53OR

<http://192.168.56.147/?id=;pwd;%2025> ^5mLqpDSc

command 가 먹힌다. ^yuQ15JT0

cat /etc/passwd ^Uq2ak2Op

who ^wFFrbCEA

whoami ^eJ9myq4g

uname -a ^BkjN5TdZ

ifconfig ^xqY3r2SF

/etc/shadow 파일에는 접근 할 수 없었다. ^nAITVkCx

### Element Links

9pYa0aIX: [Excalidraw/comminjection.md#Code Block](broken://pages/4d302db7b17763007411a099c66b7c707861dadb)

### Embedded Files

e5839de2fea157ae39e4abc81d8f6c557c5831f6: \[\[topics/assets/images/Pasted Image 20241108141254\_930.png]] 8a253a01c14a4704bed83bd357f27f1a713481ea: \[\[topics/assets/images/Pasted Image 20241108141355\_905.png]] 63284a92aa3c8c009fb8a6db567eed1cecd761a3: \[\[topics/assets/images/Pasted Image 20241108141558\_907.png]] 1074a8e8ae9eb5dc3247daa9846d3176b96e7937: \[\[topics/assets/images/Pasted Image 20241108141720\_909.png]] c28a9261282cd46bf0192b2b70dc2f11f82737a1: \[\[topics/assets/images/Pasted Image 20241108142241\_916.png]] 41410d19b96ab35bef0f8e05d97179198fa60e3a: \[\[topics/assets/images/Pasted Image 20241108142718\_241.png]] 61e5b5c18c2a2fad5f3552165dd254556eb7a21f: \[\[topics/assets/images/Pasted Image 20241108143340\_910.png]] 093d53831718affd39f1c501504449e34cdd1a52: \[\[topics/assets/images/Pasted Image 20241108144358\_060.png]] 521ec13ec774c8dfcf5b714f868f946156390611: \[\[topics/assets/images/Pasted Image 20241108144555\_903.png]] 3b7619705aafc5fa5f910d3630b3dfc118a63069: \[\[topics/assets/images/Pasted Image 20241108145247\_937.png]] 7e2140c2e46f0004c210e691a052a2dca0b76b86: \[\[topics/assets/images/Pasted Image 20241108145318\_100.png]] 27f3b284bd9c44493fa513d00c81bae51624b370: \[\[topics/assets/images/Pasted Image 20241108145413\_924.png]] fb021949bc8ee174da61cf5ecc3102ad3f4bc46c: \[\[topics/assets/images/Pasted Image 20241108145446\_914.png]]

%%

### Drawing

```compressed-json
N4KAkARALgngDgUwgLgAQQQDwMYEMA2AlgCYBOuA7hADTgQBuCpAzoQPYB2KqATLZMzYBXUtiRoIACyhQ4zZAHoFAc0JRJQgEYA6bGwC2CgF7N6hbEcK4OCtptbErHALRY8RMpWdx8Q1TdIEfARcZgRmBShcZQUebTiATho6IIR9BA4oZm4AbXAwUDAiiBJuCAAGADVlAGkAKQBmOuwEkwAOGFwAVlIAIQAtejqAeWSiyFhEMsJ9aKR+YsxuZwSe

ABYFyBhlhoSANm0Adi7NiAoSdW4eLoTtPYBGQ/3Dw7b7+/LDtY38yEkEQjKaTce57W4NPY8Z4Jcr3LrXNqnazKYLccqnZhQUhsADWCAAwmx8GxSGUsdZmHBcIFMmNippcNgccpsUIOMRCcTSRJyRxKdSMlA6ZAAGaEfD4ADKsFREkEHmFEEx2LxAHULpIrhisbiENKYLL0PLSqdWUCOOFsmh7qc2FTsGpttbyujfhAWcI4ABJYhW1A5AC6pxF5HS

PrKcAAVgBFABimLabEIdQGPBxe0JvWI2HxisI7KwZVw5UVrPZFuYfo4QglGIQCGIIIabzaawSDR4rvGDCYrE4IK6e1OjBY7A4ADlOGIQe3DrC9m1yoi3YRmAARVJQBvcEUEMKnTTCdkAUWC6Uyfry4wKv2KpQkpCgdXHAAUABL6VUi/BrABKiAADUkYg9gAcV/e5hWKSZxHQalsSoW8AF9fiDN0hDgYhcC3RtrUOBoPjWBoIS6Yjl27IgOBxbhq1

rN1iSZbc0F3fB9zdTFsKEP0IEQdl82URUxWCcMJAQLo2l2YgEB4EUQjhQ5cAQXYEDWXBNGwN5iDaEU9mwLoukOPSJPuHTFWYdxYKvcYbVve5UPyJCFkKO9cLg4hQI4TRVVwNYOGUAAVEURWUZx/IARzfLoKAAGUVGDplmZR5jdJY0GcB5EgafC50HLoiI7U4nVQZxdnubQPg7GF1g7Y5PlOc5iEuNAeGOeJ3nKTs1iXOF9lOf5AWBZq2m0fYEnEj

4xpuAyiKRPzDS7YplV1TkSTJcg+SpGkhQPRlmTLDkiVWnl1v5LbBPFKUZVgpUiRNdidTVDUtXulU9SuspjUbU1hHNS0QVte1HRBF1Tg9DCfUvNDuxDXAw1cniY3jKBE2TVN00zbNc1OfMpNSuDIO+tliArKsa3wOsmNQL41ihJ49gWyARz7Lhmvp4dezHScOGnNAGhdPmunKNZyLvddN0pli2O7Q8idPNJBUvW9nO7e90EfZ930/b8/0A4CwIgqC

Jnga74LYRDr0cpXb0gVWIHwY9JUlY89j2Gp+n6ABVCg2kjSQAFlx30D37mjQ3oGNotSAQiBkNQ04MKwnCQXwwjiL2Ujm1OSjqLQWjyfothGNcyWEG1TjuN4xw/PO4T4baXBrgaYt7mwe5VLWOc1k0BsJM0YgGgMkUWpFe5cEOe4GmF+4QjMizclszYwDs8YAwcpyV3h9XXw/L8f3/BAgJA8CCbdeKJFNqhTjx9KDO0ZtOw7Hh7jaNpViHN0ipKyF

ypd74bgSceAC1jv27A1JqqAITaG+MAh46dJ43CIj8bs/UgRCjQIceI+x6Y8Enm0PYRFygJBst2ZE81tSvRWtydAABiaedDkrS12mDdklC1oUk2oKGul0DTXU+mZB6CB1SNU1M1chup9SGhugqQmv1Kz/TdHaRkQNnQM3dKyb0vpchQ2KDDOGEZEYJiTCmfoaYMxsCzDmPMBY8YQAbqWI8xM/poGVkbKYzVfiW27GESm7x073BhHsAqbomZjm4PpY

hxQQmcC5jzVAXQKrCxdCLG2YtghJ2YnuUuboZYnjPArGiZN46YWwj4lOQs04Z2SXbfMOdUB5yzoXPExdMmnDgEmC889rxWXGAzIo5RbzaKKN0ookDoEu1BKRNYCDJ6LzAM4DBUIXYdVwfgvmRCBlx3oqEKAhJ9D6DUDhF87S0H+lvK/Rezh7g8E2V4qIj5eg434twFxGA8mZBEugKotRGjNFaMwDo3Q+iDBGFBd0uA4DcEOIvCAIpC5cWWOUeIOD

yi7AhB8QWcJ4ltA8acDIxAHl8Wrs428rz5bvPhrgdynlvK+QCkFEK4VIoxVBcocF3BkmijhX6RF8IOxtByi8MEbxAk4vutSKAABBKOZt/iUoKXRbseKpUIVlRS6V5swCeJvCreGlQ9iEAAPqVHCHATAuAAI4gNQBZwv5JSfE0acM+6AZhzEVNffBZUhZwkCe8Ay/i+Afx2P47Qbx5LjQzk/EBxQwEiNQB3NY2h4SkX8UuF0kIkHFBQYNXgHY77+I

XF8F2PBFziVmiiWCqilp4lYcddhApaQ7SZMwg6XI2EbXrdtN0QluGSL4WIx6wj5G3NehI3ht0vpujNJIEmQ7iiKIdLAYGqiwYaMhsGUMCAPkIzjIY1GJj0bmMxlY3GRYGj4HsUTGdudCnsXrK5UEPAcFTWLezUc/ZrR7ChcEjm0SpywSuTgw4n79iqNXBuNJEsWnZIcXLc8WROnjBcTbeG9tHbO1du7L2Pt/aB2DqHWZ4c3FwXVTHC2i8kMlHhjw

TQdQPZrgSMHY8PA1wAE1nB+00MoD2qoEixnoGHJ1tiSOxxXkUxOpSCLlJImRLONT5X5woo0yDrEsm3PLhGPFTzgzik3fDQJxbVKrFwLgBoGlsAugSCKTQ9c9jEE0IOQ4d6W4IGwMQIDo8GizwIJZBetl7JFC1crSjZRUNOxdm7T23tfYByDiHOKEdz4kavssDuBwoSDj/s/dYrwTiBrSgPYaxaxrrHKPE9sbZ6pPWtMNQc9N2xlYMoQlqfUASoO4

AREaRExpzh4OMgeCQy1kJestQ6VCIC0IQPQxUDIm37RregXkp1OHaYlKOj647+GvSEeAiJAgBFrblBtmR06nGoF2xAedyizsgzdCuiGWj12w10/ondyMjFozMRYrGK5rGns7d2faV7UAvKddc8YWqBB3pBFMgiHZn4ZsZj+lmZ31ivuZjE/9n6hZEPTdjVJCB0moBLgeGDbz4PXoVcUBOJT71lPynAzO9E5MU4U8UBiTSdxQe7G0/M5PTldOtr0s

A/TryDLAMMpeNWln1f8Y11YX7rxgA6wkLrjXesPH6xs0TWzMS7P2TIBsRzecIaKL18q/X8ESQSGNcZCOwAdxGj1AepFrcP2xdrtT9zHlEuByS1IcGt2Uo8l5HyflArBVChFKKsVoWwuwPCtAiLPgvyA62V4k8gOCwGyS1lELeYhu+M/LP00/6isVeyAlVcBLEuvKSgPur9VGpNWai1VqbV2sOA6klceE+oCT4OEDsI2ypYklG4oufuAHAztbq5hC

EivzhAPMvi07mSvVaq+TuL2TKplSENV0c175CC7bP2FAjD0D9mwLo0VVRwBCsMSUHt+g1AAqBACDDoIJedYlD/kBr6rERWbCxzyjWAmQnkKmWDN0FieDnGbCIXhDwUq0HTQDbCn0CT5i6xnyFhawGhOWfgaDuBeGOChBRQ6kXCqVIQrX7QJFGzbSWwbWySYTm1oNrXbTOhWx7THWkWGwHR22oIOyNCO0nR+hOzkWtABiUUXRUVBnUXuzQEDEez0Q

kCjFexRmMVMQxksWxl+3PgaCWEJnLFO3qVvUpmTSFkfUXDR1CV5iuSsN/W5lgiIlT2InhDx3AwJ2UylnpFJzJT52GQo1tmo1o3o0Y2YzYw4y4x4z4wEy/yEwPwthuSp2KUJ0eEk3p0qVkyok3wLiLk5xUzLigF7x4k02rhW2ewkA+C+FwDaAQHrgQASAQHs2zA7A7iwlwHn2AX7keD2E0H2AQCeCyi80NGGV2yXn801XXh1TKCCLowY3uCY1Y3Y0

42414340dViIvjdWWHiS6G0FKw11eAAKSQgLSjwSgSIRfgkjbFKzhCqRjSuCn38UXCuTGjGgKwRykFa2zXEhGit0eFeNfn5QDRITmioJ4JoNbQkAmym0bT2gcXm2gBOg4QYOhgugEKkTumHV1G21jXOyrTeh4XW24IBxEKB3O0uykOu2XVkM0XkMGRhQ3S3RUKRjUI+00O+xVh0LggaCMAvUMLEN91r1B2X0hx8XEj9TaEFg+KiWR2fnOxlIx24G

AVfn0ghCqTA3FmaXyOg1ljJ1Jkp0gGpxSLpwqRkyZyyJZwaVyIyW1O52OUVgF0VyFxFw93GAl2cCgKeNhHSzePEjtzAB+Pn1KieBuEBMODBxXkSMgHwG2T1wOUN2OWyM9ygEryeRr0VTJy3T1UNWNUpBb0tWtVtXtWyFjy5TRHiCFk+CXEHDSKIOhQn2tBFIwAr292r0FIzN8K3VP3P0v2v1v3v0f2f1f3f1BR725TvnKHGWmjIP0nDKynrLZUbP

BzLkfB3woA30tLdCVXXz30jniImKPw3jKEkEOF6DCg9hY3HFwHiyI2gCwH+0WBSw6iOAQUxUlJHzHwgE/hwTuBRSAXSzaGqm+CQPAQ7l2OAwLVy2QS+JOVRzdEoLRGoIROhMm1/wgBmzhKJgRMW2RIfNFDRPekO2JJXy2yqzO34MIsEOIsgCnTJIkIXSKg+GpM9DkP9HpN0XKPQGZN3XUIPS+2PULF0KMEqD5McQFOMK8ShzQBfjn3hDgu7BlKuA

MjsInD/Xa38SIniTZhXHx0J2Jx1NyV8P1NZ0NOSIk1Tmk0ZwomZzqRvUU2tKJy52gnvOmGIFQEACQawABdHUBAAQ8cAA1xvyjywAEXHUBABiRsAB5xwACabUBE5cADVHBSAFBgBQrAABcY8qQm0CgEwCgFQEABhlwAH3GQrAA+GcABFR1AQAHNnABSDsAB1VwAE6btBSxKB/IXKJASAPLvL/LAr3KQqIrorYr4rCBErkq0r3KMqsqcqCriqyqqq6

qGrgxOAoBJRCAjBYJOx5rMhYxYZxQioPitxsqJUiBlBkc7YEARQ8KexHxzACADrARjqoA7RFQ9BMhcB8wmAPkJK51SBAR8wCBmrsrXL2rfKArgqwqoqYrsI4qEqkrUr0rMrsq8rCrUBSqKqar6rFRcAhB7rfxwhlrYIsQhBVM2dXq3wYKQR4hD8ihj94ZIxYxyh+gRQ1gVIbzro9rzrr4uopcvhPgXgn4yIGgTjeA4gJ5dgPUubrd8IQLY174f5d

guoaZ9h+UoLM1SbmoPiELE8kKWCaF6Fp5psmD4StbES612Cu0CLCSiLMSSLsSyK8T9tKKMSJ0SS/BRC/RyTAZKSmKZCWLaS2LFDOLt0WT3t91Psj1tCT0hLzrAcjC7LFopK4koQYQJIgMVKlTPyFS1K0A5LYQDI1qdL3C9KnLIAcliBYN8l5CrZFdgsJAEg3xYwahowhB6B1hfwWM2BMBVRfxyhbVcAVqYjbzNiRMih6SjTzKpMGcqls5jyZA4BF

AFB/Uf4pdyoO4FAAB+EgAAXnuAAFJOwAAyXene8oViQ+5wAgQ+/ew+64RUdnTwwmiYFq9AQAHg3AAEfekFkFnvntBEXrbkOFXo3u3r3oPs7GPs7FPvwHPqAY6i6EaooD+pOSkGno/tWAXsTQOB/r/uIE3ogcPpAfKDAewc7CvvWsWtxquFUVhQ2q2vwB2sdXvJuqOpC1OvOpHCgCuvwHobuoetOCeqiFetIHepjsgBJG+o4F+ofogBfrfpnqUE/o

XFQaXt/rXswYAfKAvuAeYBPrPsAcvugaRExrYGxtYF7rQHxrvuqQtBJtwLJojMCyPIkBeBgB4F6F2BEvWNvNZq2LSi6gwVbDbiXC+Bkv8QFquWGklPEk7Hpl2EfWArdHuMzrbiOGtwXF60eGfmOBwLa1VsGzBKxOrUNpQt1thObWwqRI7S4XRL7XBJxNnT2xHXtsqadtkVdvoqu09tuxpLXS7UZPhm4rez3Q0MPS0J+3Du5KMH0OEMvWjoNKVDjr

hAsJ6mTu/TfWRyfgV0iSR0VOtEeCmXEiBLcM1LyK8KLp8LgwdMQ2tirvQBrrrobqbr/Fbvbs7u7t7oI0EwHrIwrtr1tg4AaHoGPFIH0HfzWBxGjGilAglVmAAndj2BFD7pNmEwSNdNMvE1pzSOImII6kyNqQ+ujKUy1KObvP+oqNQH3tQGYHwGKgIBJd3t4C6FQAAD5UA8Acr7hqXUBWJKWKXSXrg4acrAAAGtQEAAIW1AQAYJqQrAAIMcAEGBwA

DVXAADmtQEAFCuwATg7AAW0dQEAFDxyqmBuBsoVl0l8lzltl64Blpl7CM7NljlsBo13Y8a1AAV4VsV1AKVuVxV1VjVrV4hpa4x3gchhaza/ZahpU2h/aw6464IM6xUFhthjhskLht0Hhl6i0fh1yHFi7L6/wMRol9APVmlg1q17lulxl5l810ly1qlgt3lu1oV0ViVmV+V5VtVzV9G/Rwx0hkx0gAmzIhASxzJs7cmgLSYlyMoa5+uxu5uh5juru

yUHutCt5pLFKSA0EQgyEcWychA/mvLeOu4a4VYAiPKbHFFSW9rRFAtScqEJ+YBCqJWv4FW1AT9NqIhVYABfCG4T9bJxC8E5CnWtCjC4pw2nCspjgipoQ3JwRG2ii82qiy2mi0k07N2yQxim7bsO7H2hQrpp7JkgxPp3ikOoZzkkZ2xHk3kgwsSv0EHL/CMg8ySnxXxSEQcKpRSlAwhFSzZs7ABGfLrYE0WfO2+knXUoypMpIlF5ONFrKSc5+LFwT

3Fhy/Su03nM5oZQXWZF0oexeCXPmO4flM91YNuB4FFa9ooe9p+R92mF954LXVTnXHZAwfXQ5RMzc5M1Mn3F5f3QULdGmumhmpm0s+PcclFF+OHZsQBD1SchcvPO9842XV+J4FXdsKBpsvFJztslzzM+GBxpxlx0csstKJPefbKScsEB4Nsa3Dd2vBs1AW4WEKs74cM+JLKLKJsjiVcncuVBz4obclVXcxLfc2xqYiQDgEUQ4GoSMNYXoSQUgDgTA

GoX8YF/AaKL0BoTa5mhKV1ZLD9OISsl2eXVZVLAWj0pcO+fBa3CSSUnrO4sivmUr5WqxtAdsd9jWz9/90pk2xhWbA2yEhbZ75bU21bepkDq23g3EiD3tf7mD52uihRd2xD5i8GVD9i7pl7QO/pvi0O4ZwS0Z4S0SoHVN7xVya4Q4jqJD9Z5Z9lLjxHZZ1jzFFqeEJ4MnkoXS3jgykuvUk3bVL5+GH5v5gFoFkFsFiF81aF2F15jYhF8HKMiAEe1F

iyxcDqT8yetr6TjnG0gljiQoiuEogSMordbAYtdolJ4tHgVzYBTQEUWEVYTQajOcbMGSd4EUQC7KXAE+LxOecu68UY5eIeimtn5DMoTn/5wFlSXn8FyFwX5b7rs2Tx4qXYPYx+YVGmfApcYJn87o3YQWfSfd1w2Ji7x4O+IiX1F4UAlXK7m9m7wWhNVsTS1LLKIhCW+C0Ej90Dr91Cwpxgt7rCp742771E37yDh2zba25A8i8E4D6iiAWiuDlpj2

onyAFDzp6GBH5QrD1k4O9kgSmxEzIwIwc9EjoHcjojSjiHGZnxOPieG4Onxjs7dOFjjOs7SowJJceS7jg55Xsx4u0ujpBXiXsyqXqTQCtZSTz/jfXxZmMecH/fnG6SU6C4Bkana2ARAwSTwCI8kL4BpWL5FAPS6wAvJXyAzV9UiFnMAPSRjK64bO8ZYgEblpCu9rIUIcqEBjPb5pjOoIC5GbgXBvwYQwsEtBrnF5NcUyrZZ5H7lS5lB0uzjBIK42

7zZc+8eaeJMLC6g3B2oRWO3GCnC7gUngNMfSMLGbD+I24CXFsoSmS58DOyHPQbsN1G7jdJu03WbvN0W7XkfOveZwIikfSsCJ4kpVsHlHwi9YwuTYO4AAn86fovgOxflI11XxrkNytlaZh113ytdiMPXQdj7wkCSgRQfsI+ixj9gllT4sRDxmtzOzjxE0pEY4AMU/Qp41mWwSAnlCOBER04wCY4C4MxZZ9B+JWEaMd0hBY5ASMTaCqX2Fj3c+8mtD

7uNm/Z602+LCDvmwS746IzaIPUfviWqbiFh+f3UfuPwFLwcGKS6L2rDzn46IF+XFJfkHQGb8Uw66PQjpv0joOJsegjI/njw+CAUk0C4FOnhGL4XV0cN/fxJPCyyVl9mEGYAXx0MqnMpOX/YTjcNTigF+UfMAASEJMp2w8WhzMxh42JaAAXccAAja95U1aAAMFsAApTR5UAAnLdCNQCAAWbsAA7Q4iMAATo/VQAA6HAQAAtjgAGs7AAPp2oBAAIb2

ABcQcAAuq4ABeewAAnj2rcRqyzhEIjKqKI9EZiNxEEjiRZIqkbSMZGsjBIC1L1qtV9aUMA2NDU+HQ1DaMMI2r6Vhu4BjY8g423YBNnwwEbTNhGGbfADqxhHwj3WvI9yhiOxF4jCR2gEkRSOpH0jmRbIvRljRxretTGXbHttmjKg2NohlzAOjxTZKDMOSn+W8hxUj4rAuomnHYu5jwQBM9uNMDBN6heAQgO4oaULjUJ2xTIeUg+YiFlFSIZNs0jQi

skLA7jdYDeFBevg90b75NNAdYvoZhQGHdCAOL3EYT3zGHQclQAiSYbwGB5cFOxcw7lJP2h7LDV0D2dDkoRBG7D1+awLHlM1BG48Zwu7fCF1FUQX8oQ0pDZg8JdiQhomL8V4R4XeFM93+fhT5n13QCSAb8v4QgPiFjAcA2AtdTAL0FjBrg3wzgaMIQEqCSg4We5CPoPXwFiYacInVOJE2ILAjU2QAiEdwy4j3V9Aa4CGrwNrwcV5sFGfEmUGoRrg1

gmEzCWHG7ToSJUa4AiQRLDiiN0gyFQ4BKgokUTSMYvZcm6FInXQWRgAGY7UAgABwnAANQM0TeuQ7CQBKnHDjhDg3MeujiDWDRg2A5QD2AaljBJheg9wfyGH2/yrcF2aAdOLcBVzHArkcINsAPDp6fxQCGCVQU4NT5Y5ChZwMir1iqRZoTkgSDoZWgEQlNO+KJekPrXb7NivuTk/Cu2P7GO0AeYHQfrbTqa98GmxQQcTUwuxQ8lh7Tb2qsNFDrDU2

OMPYdUTnHiUThi45qBNHwQtQX0SzZmGEmvZ3DOYN/fIVCHeCLMVYDPI8dLBOZl1wBlNC5rbEvEd0bxd4h8bGCfEvi3xH4r8T+PD4aoB2Z4niegA9iShegLGUgI0H0A1AGgbAQiZgHKCiN38IoeScL37qi8As4vSXsBNLHTQWi4Ek4ZBJf4FEiilcLTD939qgFQC5QYgP4l6J7A1IA8buKbzt4IBSsxAABP8SeK7h6YSkKwexBd61Sl4i8D3vgK95

U1jyV45qfeMfHPjXx74z8d+Lcbwto4GQrSnfCeDvA5aL7F2Ht1hxQJ6YQsdOIBUfbAIj21oSeImgng44XQoZUrIWOsm7FNJcfJ4NWS+C2SuhR0bWs3x/YuSmxHMo2kMI8kwpRh3k/voDzCn4kR+A42DvMOHGRTkOHTccfPww4psThCU9fkkB36nY9+q1RrrM3t6fBusadJHOylMnp0HCIIR9ITIAwfENSbwqCceJZ6f9Npfw8pKBLyh7TpmB0xyr

aWKCgDTxjpa8M6WgG3gJcE8BNHVypmlZ58tM62DfHKhPwmZidaaHgIIGxliBBuUgfZwBlhyKZpUfGTTIM5xzGZoIMsSzLWCcDV8SXRCR2XryI9AxK/YMVl187lkcEBEYBHzDBDCx8IEIMnjP0XIRdlSFkvlEZPEhaD8UPA9Mu134G8T+Jgk7AMJNEniTJJ0kwgLJOWmiDm5ieO4JdMVq7AiZ1ud2Tnn7mVcQCgFD4D1BbAH8Vya+TrhENTZhD1yX

XSIX+P6l1TzxEAfEDiFPL9wPYxHVIe4xcoZCtuexfScRDTRJocZREO+PCA6jozjgLYUmRAiAznEOiyAp+IQg+JWSrgatKsZ0Me7dCCm3M/oS2j5ktjhhnkzgkSU7ETDwO0woKaDzH7SzmmkPBDnLPHwKy6SftPUaCLVlFgJUyU4yhTFcikRCGctNccbOqziKKeN/cSEuECRlSn+dsw6Q7IE5Ozv+W0soXATBAezQRXs2Ts5SzYQBAAKs1MjAADHW

oBAAIT2AAepe8ptVAAAz2AAMIe8qAAACcACl44AANV1ALVUAAy4x5UxFuLERarQABHjaNU0E1XEYmLzF1i2xW5UcUuKPFXi3xe5X8WuLAlqAEJXNS7SSi22PrYhv622pBsFRIbW6sqOYZMA1R11JUZqIhTcMFqibN6irP1HpsfqRoiJWYssU2LUA9ipxagDcWeKfFfi3pakuCWhL4KLbN0XjQ7ZmNKI3bW9j6NBl2N0ARgaKNgA0CaAcQnmRGWSE

AXKS7297IBA+nWBTJauOMg7gBn9Qpj5IkpRBXzERT4R9gJWHBE4XylYKsmdfctA318lN8YSrfRsSQrGxkLBZ3aSWT5NqYD8+CdCjsaCsYXg8J+LCxYdISikrDFZaw5Wd8N4XnxYwAi74WlKpiE83iEIa4WdhuDX9zZ6Ux9J2HwitgDxBdH2cc345fC1FvwzIWi2fazkdFVpJXt7IJZQj0ASjdekSIgD0sAAPAoFwAirzIX1OAFAHpbeZHwAACkFX

YB9AxAQVQAEpRVkqwgNKpFW4BUA43U6gKogDsjDF/KwVSKrFUSrsAUqmVXKqgCKqIAyq1VRAA1UKAtVOq4VXqoNUigjVEozIFKLIZ5KqG8o7sKzQ1HoBw2ZSy6uqKqULYtRxQHUUm24W2hmlojVpaao3rmrRV4q4Ve6ttXBAFVSqlVeqs1XWrtVMqz1fqsCA+rBVzbV0UY0mWdtzSsy0vvMtfne9/RcAP2DUHKBsBlAPAfoApMJZs1J84ZeINAim

Tnt1Bn5b8ve1UGCx1B0XPMYgongYIo57YdOE8qygvLb2j/SAOrTwU1iCFvQopswTcmOTzqwKmYdQu7G0LQOIKi9E0zCkUkRxSKscZwonGcV4pXJWxKBGxWf9cVmk+5aREz4KUJF12c/luLJWoA3g8Ia3K7hpWM8qpDKmqf4XqmbwAIkYF8DADjD0A3w/kZgCJMODOAWMXQZwDUGcAhjQ1IvfcutKRY/CgJLsrrC8HZXmlsW+08EcotDXiNqREVQA

C5dqAQAJvNgARPH3FgAGTqV6Jq+BrxvCoCaRN4myTZ6xyW51oYfrYNYUu43FKGGEgSNZG3KXRtY10AeNZAETUNLvhBolpcaPQAya5NomiTXWoMYTLuAHo5tV6LwL9sqOHa22LGBgDNgugygfEJGCHXpDdlTFBNAiGKw7teUukyAm8CgSVRAM1UOSh8TiZxpmwd8WWixt2Bnsd1pfPdbYlwV2SKE+TE9b8r/bnqBZl64WVQuhU0L/JfYmrY+pdrPq

IpiK+WdFJRWxS0Vn/DFXBDfD/qpxJhVyJPDkH7EiVcIKRfcOg2VFnhMCxDZVO8IoawBaGyurbFICYbsNuG/DYRo7gkayNFGqjaGKRkvy6J14AInpnwB7AJUQgSQMeEjBQAugcAGAG3GUAUB6A44OADrx6nPy+pmqDaeoqY1dRqo0/cxuxs9mcbuVkI8RpWu9VGqzVQq7NVaptWyqC19qotc6tdV5rdVVaw1YKvNWRLEdUmsoDDurVw7M1COy1bmr

LU6q7VDqp1SWrdXU6K1Xq0nXjqFUE7LVfqkht6xU06I1NcojTQYslSGbdNqogzSUuqWPU6luoxpaCIs1pqrNEAEnbjogDw6LVOarHbTvR0M6sdyumtRAHx1mLCdLoxzQ2uc1TLPRcyjzdxJiFqwNtOGvjNtqI17byNlGodZsQyEthE084EWk8FHznZvy8SRNF1BVw4JX4zAgBCurHUq58EgSMob1hjmtDe2E8ENK8EL4wgchr8RPcUAPVFaRsx6r

mQ2PK2kL3JVWryY1uoI9iAp4ia9dCtClTDuwL6thTPw4W+1P1yatHuvy9ADbtZVwXWT4kiaF9i0DHcDc/CNnSLptkIQhNs0sJ51n+kOj4cz1UWDbuwzsllanAATPFzs8vFfWzgh36LIAfshTuLkgFOlg5Ac6yNHuATtz499MAznMhT38pfG1uUrFlCz1dAU5WcNOXshIFkCTkOPSuRPPbJTz9BEYbtb2v7WDrrB45cUszJaI1c34HKBQdwFuD+Ja

urwfBLCE7iHAx5VcyeZAFc7koygPmvzQFqC3QHyy2k+EIvkATz50C7g60HEDeBLg2wbcEbXAhwOnaV84qIIU/Pvnb4Wu++E7Tbv9GSgugdQKAFdMlAvhgtOy7sHjBfgHBAKsCCvh3Byx7drguxUNI+jyhZQ2wlxRBUwN2AdEJ41ZWcLlt7b5bc97MsbIQqL1nqS9F68prXtFl+SIV96lw8dgh6N7WtVJUcaxTQ5KzJx36gjrgDqADaceszdFC/AT

2TbrCVMbPGBon2xJMUUTerp+VtmHj7ZyGz4TVNTZr7UiG+ljcpTY3fC9FhdYdWUD8qAAR5qJ0SAajXOgNc1BlFQB8lgbFAsG2F0S6I1TDPTdGsqXdGjNNS+NtLqTWy6U1IjTNvAwaMm7W27oi3a5qt2+jDy783oJGFVD+RSAa4ZwDhsvzMBcAbANYMoDXAUBhgHsHgEOpdRJRI+lubdt8HnDPBnie3RfBWXWAAIHg/KZJrcNS2yC6ZZDRIznsK02

G6CuFew+90cOVbnD9C8Ybevq2QqRZXhuFT4dYVtb2FHWj9UEa/Wqyf1uAGoBEdSlx1KVY+yeO0JynxGw5pK2JK8CwMdQGBc+pRQvpUWMqAZ52soHsEu3Xbbt92x7c9qONvaPtX2lacdt+0Q5veg0iAL+DqC4AvQwwSoKqBfDmQeA0YYOJKAaAwBCAPAfyFwCFO/iRT/25lYUdLE0wauHxHfRBP30VHVex0jXjXH9oPAxI9mVuG0B14NxdwxALoCK

GdyRougxAYgNcB2Z7BGiCkJ+ELz+neZWe7vcYiIdtjsmrtN2u7Q9qe0vb+Tn2i41st6mR9Z8Wh7BIT0ISpjTJ35B3C1DXblZn4bwefCusTTRM/GOCOrMoYsPZoJI8QHKCgMfQrjPy1h/BXzLsOnrwTAK0vVCahWuGq9DWi2nXqYUtaUTfht9QEfh7dbd9NsHEzIc1kCle97iLg6KXvTW4VBenTcST2kr5SzZKRgiC7AhAEQ6emR2lQSzf6OyFzDG

40mkSB3hlsp1lC0nefKN0qeI9pVnhLiDmi4YBiuS5FWfWA1mIQhCes7MibPFmysRENs5PD2Cf6rOcZDOX/tZ4EFCG48CwuKXwSvAgZLoaBWAUhADxp9Fc8VHgeAMEHp56AEg5KTINNze8SeQVFHMwOndZFSB8rh8B/iWyiIgFDuFAw/0bnmy48nQdXJAO1yJAaxjY1sZ2PRg9jBxo4ycbONpmN5DFvYkLEwsRNaTY++g0fPC6cWYCmUkgq2Cgbu5

21e2Hg4Ie+EPzghcRYQ36NtjHhCAIoIwF0AAgUBfwsh/6hkIwNQJfBX9J+L1ju6btnAJQysgPDbjFo4NxEFLRd2tzlQnis+UqWkwbMnJSTIJD5dWK+UlbC9vZ1yRCfoJl7KFY54c3et8kPrETMs+Fa0xB2z9OtDJecyEcSn4YJm/JQRUNpBBZZ6O4ZIlesEg3JHpRHYSEJcXVIVTsji23I2APyMA719pYx4G8BwQcqciXKg/ZUfqPVHqqqAQAA01

gAH5qBWVVVALyMdaABVNcAAe44AAjVoUZiMACUPYAFSekKtCMACVYwyNQCkjpWqIwACVDgAGwXAAvZ2AAOpepGAATocACRq6gBxGAAShYE0OtUAgATBrRlAOcJYYpqMbWdre1yqgddRHHXzrl11ALdfutPWXrb11AF9b+uA2Qb4NyG6Kxhtw2+d/q5TS0baMhqhd4ak6iqKWYVL2Ghm+6sMe1GjGzNn/eXVMaqPrWtru1lGujZraoBTrF120RwGu

t3XUAj15669Y+s/X/rqAYG6DYhvVsRWVNzJSQnGVm722Ta18y2uT3W6/RgmNIN3F9NqRUQ425jmSfsKxJ7+qYy3NOKLAeX5tY123RAASBwAWMxYaUwBEHPXRJAjIDQIEBKtwmPD0JqWbCsqvImEV059K0NnkMzg4QIaEk+oNWDAJrcOMs4qAV6y1cCIi4QlV2dsMuhK7JYXK7zP7NOHEF2Au4PEkFTMGMUAJkvr20FiVo46yh24bVYxOorgjJwqO
```

%%


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://krjaeh0.gitbook.io/j-log/security/bwapp/comminjection.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.