Blind OS command injection with output redirection
Last updated
Was this helpful?
Last updated
Was this helpful?
Let's submit some feedback.
We can proxy this request through Burp Suite and check the Proxy > HTTP History
tab.
Let's forward it to the Repeater
for modification. Once in the Repeater
set the email
parameter to the following and send the request:
The out put of our whoami
command is now saved in the /var/www/images/output.txt
file. Now let's view one of the images through our browser.
Let's go to the Proxy > HTTP History
tab in Burp Suite and view this request.
After forwarding this request to the Repeater
, we can set the filename
parameter to the following:
There's the output of our command. We have solved the lab.