Blind OS command injection with output redirection
Let's submit some feedback.
We can proxy this request through Burp Suite and check the Proxy > HTTP History tab.
Let's forward it to the Repeater for modification.
Once in the Repeater, set the email parameter to the following and send the request:
x%40gmail.com||whoami>/var/www/images/output.txt||
The output of our whoami command is now saved in the /var/www/images/output.txt file.
Now let's view one of the images through our browser.
Let's go to the Proxy > HTTP History tab in Burp Suite and view this request.
After forwarding this request to the Repeater, we can set the filename parameter to the following:
output.txt
There's the output of our command.
We have solved the lab.
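
For the fix side, the following is an added example, not code from the lab or from the original write-up: it shows which shell operators the email value above introduces when a handler concatenates it into a command string, next to a handler that validates the value and builds an argument list instead. The mailer path, support address and function names are assumptions, since the page does not show the server-side code.

```python
import re
import shlex
from urllib.parse import unquote

# Assumed names: the page does not show the lab's server-side code.
MAILER = "/usr/sbin/sendmail"
SUPPORT = "support@example.test"

# Allow-list for the email field: no shell metacharacters, no leading "-".
EMAIL_RE = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._+-]{0,63}@[A-Za-z0-9][A-Za-z0-9.-]{0,252}\.[A-Za-z]{2,24}"
)
SHELL_OPERATORS = frozenset({"||", "&&", "|", "&", ";", ">", ">>", "<"})

# The email parameter exactly as sent in the walkthrough (URL-encoded form).
PAGE_VALUE = "x%40gmail.com||whoami>/var/www/images/output.txt||"


def vulnerable_command(email: str) -> str:
    """Risky pattern: user input concatenated into a string handed to a shell."""
    return f"{MAILER} -f {email} {SUPPORT}"


def operators_seen_by_shell(command: str) -> list[str]:
    """Return the control and redirection operators a shell would parse out."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [token for token in lexer if token in SHELL_OPERATORS]


def safe_argv(email_param: str) -> list[str]:
    """Validate the decoded value, then build an argv list for a no-shell call.

    The list is meant for subprocess.run(argv) with the default shell=False,
    so the value reaches the mailer as one argument and is never parsed.
    """
    email = unquote(email_param)
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("rejected email value")
    return [MAILER, "-f", email, SUPPORT]


if __name__ == "__main__":
    print(operators_seen_by_shell(vulnerable_command(unquote(PAGE_VALUE))))
    print(safe_argv("x%40gmail.com"))
    try:
        safe_argv(PAGE_VALUE)
    except ValueError as exc:
        print("blocked:", exc)
```

Nothing in the block executes a command; it only builds and inspects the strings.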