Question
While attempting OS Command Injection on a url.com/?ping= parameter, I see that all single quotes ' are being escaped and replaced by \\'. This is being done by PHP.
This is problematic because whenever you submit a value to ?ping= it's wrapped with two single quotes (e.g. 1.1.1.1 becomes '1.1.1.1').
So, sending a traditional payload such as 1.1.1.1;ls becomes '1.1.1.1;ls' (wrapped in single quotes, nullifying the attempt to execute ls).
How can I escape ' to achieve code execution?