Nikoolayy1
yes as you said , I know that there is an Attack signature preventing ping executions.
but sometimes I test to inject such these codes in urls but it does not be blocked be blocked because it matches attack pattern ,
such as this Example " https://shoping.com/index/curl -v 10.20.20.20/items/.....
Curl should be Blocked because it matches with attack signature and i am sure it is enforced.
whereas when writing this " https://shoping.com/index/<script>/items/....." it is blocked because it matches with XSS signature pattern.
But , in any case this request " https://shoping.com/index/curl -v 10.20.20.20/items/....."
should be blocked because it violates http protocol compliance.
> I think the command execusion differs from XXS from Attack signature Patterns perspective ,
I think command execustion will be blocked if it get an output from backend server.
This is my thought , I will be happy if you correct me.
Thanks Nikoolayy1