OS command injection is also known as shell injection. It allows an attacker to execute operating system (OS) commands on the server that is running an application.

Lab: OS command injection, simple case

[Information]

[Problem solving]

1. I went into the detailed view of one product, clicked the check stock button, and captured the request with the proxy.

2. I inserted the "whoami" command into the productId parameter using | and sent the request to the server.

3. The lab was solved, and the name of the current user appeared at the bottom of the response.

Lab: Blind OS command injection with time delays

[Information]

[Problem solving]

1. I accessed the lab, went to the feedback page, wrote the feedback and clicked the submit button with the proxy turned on.

2. I put "&sleep 10 #" in the name parameter, URL-encoded it, and sent the request to the server. "&sleep 10 #" asks the server to sleep for 10 seconds and comments out whatever string follows so that it does not run. The request did not behave as intended (no delay), because the name parameter does not have the vulnerability.

3. Next, I put the same value in the email parameter, URL-encoded it, and sent the request to the server; this time the request behaved as intended and the response was delayed. This indicates that the email parameter is vulnerable.

The problem was solved.
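To show why both labs work, here is an added example (not the labs' own code) of a constructed "check stock" backend: the vulnerable string-concatenation pattern the labs exploit next to a hardened version that validates the productId and storeId parameters and never hands them to a shell, plus a small detection helper that flags both payloads used above. The program name stockreport.pl and the numeric-id format are assumptions.

```python
import re
from typing import List

# Constructed stand-in for the labs' "check stock" backend; the real lab
# code is not shown on the page. Parameter names follow the lab request.
PRODUCT_ID_RE = re.compile(r"^[0-9]{1,6}$")
STORE_ID_RE = re.compile(r"^[0-9]{1,3}$")
# Shell metacharacters that let a value escape from a single argument.
SHELL_META_RE = re.compile(r"[|&;`$<>\n]")


def build_stock_command_unsafe(product_id: str, store_id: str) -> str:
    """Vulnerable pattern: user input is pasted into one command string
    that a shell will parse. '1|whoami' makes the shell pipe into whoami;
    '&sleep 10 #' backgrounds the first command, runs sleep for 10 seconds
    and comments out the rest of the line."""
    return "stockreport.pl " + product_id + " " + store_id


def build_stock_argv(product_id: str, store_id: str) -> List[str]:
    """Hardened pattern: reject anything but a plain numeric id, then pass
    each value as its own argv element (to be run with
    subprocess.run(argv, shell=False)), so no shell interprets the input."""
    if not PRODUCT_ID_RE.fullmatch(product_id):
        raise ValueError("productId rejected: not a plain numeric id")
    if not STORE_ID_RE.fullmatch(store_id):
        raise ValueError("storeId rejected: not a plain numeric id")
    return ["stockreport.pl", product_id, store_id]


def is_accepted(product_id: str, store_id: str) -> bool:
    """True if the hardened builder accepts the pair, False if it rejects."""
    try:
        build_stock_argv(product_id, store_id)
        return True
    except ValueError:
        return False


def looks_like_injection(value: str) -> bool:
    """Detection helper for log review or a WAF rule: flags a parameter
    value containing shell metacharacters. Both lab payloads match."""
    return SHELL_META_RE.search(value) is not None


if __name__ == "__main__":
    for payload in ("1", "1|whoami", "&sleep 10 #"):
        print(repr(payload), "-> unsafe cmd:", build_stock_command_unsafe(payload, "1"))
        print("   accepted by hardened builder:", is_accepted(payload, "1"),
              "| flagged:", looks_like_injection(payload))
```

The same allow-list check applies to the feedback form's name and email fields: an email address contains no shell metacharacters, so a strict format check rejects the time-delay payload before it reaches any command.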
