Blind OS command injection with output redirection
Let's submit some feedback.
We can proxy this request through Burp Suite and check the Proxy > HTTP History tab.
Let's forward it to the Repeater for modification. Once in the Repeater, set the email parameter to the following and send the request:
The output of our whoami command is now saved in the /var/www/images/output.txt file. Now let's view one of the images through our browser.
Let's go to the Proxy > HTTP History tab in Burp Suite and view this request.
After forwarding this request to the Repeater, we can set the filename parameter to the following:
There's the output of our command. We have solved the lab.
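
The walkthrough relies on two server-side weaknesses: the email parameter reaches a shell, and the filename parameter will serve any file that lands in /var/www/images. The following is an added example, not code from the lab or its vendor, sketching how a handler could close both. The mailer path, the function names and the allowed image extensions are assumptions made for illustration.

```python
import re
import subprocess
from pathlib import Path

# Hypothetical helper binary and image directory layout (assumptions).
MAILER = "/usr/local/bin/notify-support"
IMAGE_DIR = Path("/var/www/images")

# Allowlists: anything outside these character sets is rejected outright.
EMAIL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]{0,63}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
IMAGE_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:jpg|png|gif)")


def valid_email(value):
    """True only for plain addresses; separators, redirects and spaces fail."""
    return len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None


def build_mail_argv(email):
    """Return the argv list for the mailer, with the address as one argument."""
    if not valid_email(email):
        raise ValueError("rejected email parameter")
    return [MAILER, email]


def send_feedback(email, message, run=subprocess.run):
    """Invoke the mailer without a shell, so the value is never parsed as a command."""
    argv = build_mail_argv(email)
    # A list argv with the default shell=False is passed straight to exec.
    run(argv, input=message.encode(), check=True, timeout=10)


def image_path(filename):
    """Resolve the filename parameter to a file directly inside IMAGE_DIR."""
    if IMAGE_RE.fullmatch(filename) is None:
        # Blocks path separators and non-image files such as a dropped .txt.
        raise ValueError("rejected filename parameter")
    return IMAGE_DIR / filename
```

Input checks are only one layer: if the account running the application cannot write to the served image directory, redirected output has nowhere to land that the filename parameter can reach.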