Skip to main content

Blind OS command injection with output redirection

1

Let's submit some feedback.

2

We can proxy this request through Burp Suite and check the Proxy > HTTP History tab.

3

Let's forward it to the Repeater for modification.

Once in the Repeater set the email parameter to the following and send the request:

x%40gmail.com||whoami>/var/www/images/output.txt||

4

The out put of our whoami command is now saved in the /var/www/images/output.txt file.

Now let's view one of the images through our browser.

5

Let's go to the Proxy > HTTP History tab in Burp Suite and view this request.

6

After forwarding this request to the Repeater, we can set the filename parameter to the following:

output.txt

7

There's the output of our command.

We have solved the lab.

8