We will be covering the second OS command injection lab from the PortSwigger Web Security Academy.
This lab contains a blind OS command injection vulnerability in the feedback function.
The application executes a shell command containing the user-supplied details. The output from the command is not returned in the response.
To solve the lab, exploit the blind OS command injection vulnerability to cause a 10-second delay.
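For the defensive side of the pattern described above, here is an added example (not code from the lab or from PortSwigger) that contrasts a feedback handler that builds a shell string with one that validates the field and skips the shell. The function names, the `echo` stand-in for whatever command the application really runs, the email pattern and the marker-file input are all assumptions constructed for illustration.

```python
import os
import re
import subprocess
import tempfile

# Assumption: allow-list pattern for the email field (not taken from the lab).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
QUIET = {"stdout": subprocess.DEVNULL, "stderr": subprocess.DEVNULL, "timeout": 5}
REPLY = "Thanks for your feedback"  # identical reply whatever the shell did (blind)


def feedback_vulnerable(email: str) -> str:
    # User input is pasted into a shell string; 'echo' stands in for the real command.
    subprocess.run(f"echo feedback from {email}", shell=True, **QUIET)
    return REPLY


def feedback_argv_only(email: str) -> str:
    # No shell: the whole field is a single argv element, metacharacters stay literal.
    subprocess.run(["echo", "feedback from", email], **QUIET)
    return REPLY


def feedback_hardened(email: str) -> str:
    # Validate first, then still avoid the shell (defence in depth).
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email address")
    return feedback_argv_only(email)


def demo() -> dict:  # run one constructed input through each handler
    with tempfile.TemporaryDirectory() as tmp:
        marker = os.path.join(tmp, "marker")
        crafted = f"user@example.com; touch {marker}"  # constructed sample input
        out = {"argv_reply": feedback_argv_only(crafted)}
        out["argv_ran_extra_command"] = os.path.exists(marker)
        out["vulnerable_reply"] = feedback_vulnerable(crafted)
        out["vulnerable_ran_extra_command"] = os.path.exists(marker)
        try:
            feedback_hardened(crafted)
            out["hardened_rejected"] = False
        except ValueError:
            out["hardened_rejected"] = True
        out["hardened_valid_reply"] = feedback_hardened("user@example.com")
        return out


if __name__ == "__main__":
    print(demo())
```

The reply string is the same in every case, which is why a blind injection has to be noticed through side effects or timing rather than through the response body.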
—
Follow along at PortSwigger:
https://portswigger.net/web-security
Command Injection Labs:
https://portswigger.net/web-security/all-labs#os-command-injection
More information on Command Injection:
https://owasp.org/www-community/attacks/Command_Injection