Web application security - the fast guide 1.1 | Page 140

Chapter 7 - Attack execution (3)

But an attacker who wants to abuse this functionality can simply use shell special characters such as the pipe (|) to make that code show the password file. The pipe character passes the output of the functionality to the command that follows it. If the command after the pipe is cat /etc/passwd, the output of the executed functionality is ignored and the cat command runs, showing the contents of the passwd file.
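The pipe behaviour described above, next to two ways of closing it, as an added example that is not code from the book. The "report" functionality, the function names and the allowlist pattern are assumptions, and a harmless `echo INJECTED` stands in for the cat command.

```python
import re
import subprocess

# Assumption: the application only needs simple names (letters, digits, underscore).
SAFE_NAME = re.compile(r"[A-Za-z0-9_]{1,64}")


def run_vulnerable(name: str) -> str:
    """Hypothetical 'before': user input is concatenated into a shell command line."""
    # shell=True hands the whole string to /bin/sh, so | ; & $() are interpreted.
    cmd = "echo report for " + name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(name: str) -> str:
    """No shell: the input is a single argv element, so '|' is only a character."""
    argv = ["echo", "report for", name]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_validated(name: str) -> str:
    """Allowlist check first, then the shell-free call (defence in depth)."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected input: %r" % name)
    return run_argv(name)


if __name__ == "__main__":
    payload = "x | echo INJECTED"  # constructed input; stands in for the page's cat command
    # The shell discards the report output and runs only the command after the pipe.
    print("vulnerable:", repr(run_vulnerable(payload)))
    # The same input is printed back literally; nothing after the pipe executes.
    print("argv list: ", repr(run_argv(payload)))
    try:
        run_validated(payload)
    except ValueError as exc:
        print("validated: ", exc)
```

The first call returns only the output of the command after the pipe, which is the effect the text describes; the other two never give the input to a shell.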