Whitespace Bypass

IFS

Internal Field Separator (IFS) refers to a variable which defines the character or characters used to separate a pattern into tokens for some operations. The value of IFS, typically includes the space, tab, and the newline by default. To keep it simple and stupid, just think IFS = space.

Shell Variables

Shell variables can be referenced using the $ sign. For example, $1 refers to the first shell variable and $2 refers to the second shell variable. Similarly, $9 refers to the 9th shell varaible and it is an empty string in most cases.

Bypassing Whitespace

If whitespaces are blocked by the application, we can try using the following payload to replace whitespace:

$IFS$9

Here $IFS acts as a whitespace and $9 acts as a separator.

PreviousOS Command Injection NextBlacklist Bypass

Last updated 2 years ago