# OS Command Injections

## **PHP Example**

For example, a web application written in PHP may use the `exec`, `system`, `shell_exec`, `passthru`, or `popen` functions to execute commands directly on the back-end server, each having a slightly different use case.

```php
<?php
// Vulnerable: the `filename` GET parameter is concatenated into the shell command unsanitized
if (isset($_GET['filename'])) {
    system("touch /tmp/" . $_GET['filename'] . ".pdf");
}
?>
```

> Perhaps a particular web application has a functionality that allows users to create a new `.pdf` document that gets created in the `/tmp` directory.

## **NodeJS Example**

This is not unique to `PHP`; it can occur in any web development framework or language. For example, if a web application is developed in `NodeJS`, a developer may use `child_process.exec` or `child_process.spawn` for the same purpose.

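```javascript
const child_process = require("child_process");
const app = require("express")();
app.get("/createfile", function (req, res) {
    // Vulnerable: `filename` from the query string goes into the shell command unsanitized
    child_process.exec(`touch /tmp/${req.query.filename}.txt`);
});
```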

The above code is also vulnerable to command injection, as it uses the `filename` parameter from the `GET` request as part of the command without sanitizing it first. Both `PHP` and `NodeJS` web applications can be exploited using the same command injection methods.
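
A hardened counterpart to the `/createfile` command above, as an added example that is not part of the original notes: the name is checked against an allow-list, and `touch` is run through `execFileSync` with an argument array so no shell ever parses the input. The names `SAFE_NAME`, `isSafeName`, `createFile` and `demo`, the allow-list pattern, and the sample inputs are assumptions made for illustration.

```javascript
const { execFileSync } = require("child_process");
const fs = require("fs");
const os = require("os");
const path = require("path");

// Assumed allow-list: letters, digits, underscore, hyphen; 1-64 characters.
// Dots, slashes, spaces and shell metacharacters cannot pass.
const SAFE_NAME = /^[A-Za-z0-9_-]{1,64}$/;

// Express can parse repeated or bracketed query parameters into arrays or
// objects, so the type is checked before the pattern is applied.
function isSafeName(name) {
    return typeof name === "string" && SAFE_NAME.test(name);
}

// Hardened version of the command run by the /createfile handler.
function createFile(baseDir, name) {
    if (!isSafeName(name)) {
        throw new Error("invalid filename");
    }
    const target = path.join(baseDir, `${name}.txt`);
    // execFileSync starts the binary directly with an argument vector, so the
    // value is never interpreted as shell syntax. "--" ends option parsing.
    execFileSync("touch", ["--", target]);
    return target;
}

// Runs constructed sample inputs against a throwaway directory.
function demo() {
    const dir = fs.mkdtempSync(path.join(os.tmpdir(), "createfile-"));
    const results = {};
    for (const name of ["report_2024", "a b", "x;y", "../up"]) {
        try {
            results[name] = path.basename(createFile(dir, name));
        } catch (e) {
            results[name] = e.message;
        }
    }
    const files = fs.readdirSync(dir);
    fs.rmSync(dir, { recursive: true, force: true });
    return { results, files };
}

console.log(demo());
```

Where a built-in API can do the job (here, Node's `fs` module can create the file), calling it instead of an external command removes the shell from the picture entirely.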

