This one is about an interesting behavior 🤭 I identified in cmd.exe as a result of many weeks of intermittent (private time, every now and then) research in pursuit of some new OS Command Injection attack vectors. So I was mostly trying to: find an encoding mismatch between some command check/sanitization code and the rest of the program, allowing one to smuggle the ASCII version of the existing comma
![Cmd Hijack - a command/argument confusion with path traversal in cmd.exe](https://cdn-ak-scissors.b.st-hatena.com/image/square/7aeb01cb7929d04bd677487e8b684fcf24207d16/height=288;version=1;width=512/https%3A%2F%2Fhackingiscool.pl%2Fcontent%2Fimages%2F2020%2F03%2Fedited_wall_win98main.jpg)