LAB 5 - Blind OS command injection with out-of-band data exfiltration¶
Initial instructions¶
This lab contains a blind OS command injection vulnerability in the feedback function.¶
The application executes a shell command containing the user-supplied details. The command is executed asynchronously and has no effect on the application's response. It is not possible to redirect output into a location that you can access. However, you can trigger out-of-band interactions with an external domain.¶
To solve the lab, execute the whoami command and exfiltrate the output via a DNS query to Burp Collaborator. You will need to enter the name of the current user to complete the lab.¶
To perform this command injection attack first of all we need to submit feedback and intercept this request with BurpSuite.
![![[Pasted image 20250405205405.png]]](../Lab5Images/Pasted%20image%2020250405205405.png)
Once intercepted we can try to inject this malicious code in the email parameter. This is the payload I used.
If we go to the collaborator we can see that the user is peter-rZqsyT
![![[Pasted image 20250405205736.png]]](../Lab5Images/Pasted%20image%2020250405205736.png)