This lab contains a blind OS command injection vulnerability in the feedback function.
☠️ The command runs asynchronously and has no visible output in the application.
❌ You cannot redirect output to a readable folder.
✅ However, you can trigger out-of-band (OAST) interactions, such as a DNS lookup to an external domain.
Exploit the injection to trigger a DNS lookup to your Burp Collaborator domain.
🧱 Note: You must use Burp Collaborator’s default public server (from Burp Suite Pro) — the lab firewall blocks external arbitrary systems.
To prevent the Academy platform being used to attack third parties, our firewall blocks interactions between the labs and arbitrary external systems. To solve the lab, you must use Burp Collaborator's default public server.
We’ll modify the email field to inject a command.
This is an out-of-band application security testing (OAST) technique: since the injected command produces no visible output, the only evidence of execution is a side channel, here a DNS lookup observed by Collaborator.
🎯 Objective: make the target server issue a DNS request to our Burp Collaborator domain.
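To show why the feedback function is blind-injectable and what the fix and the detection look like, here is an added Python example (my own code, not PortSwigger's lab source; the `mail` command line, the `support@example.invalid` address and the `SAMPLE_LOG` entries are assumptions). The hypothetical vulnerable handler concatenates the e-mail field into a shell string and starts it fire-and-forget with output discarded, exactly the situation in which only an out-of-band DNS interaction reveals execution; the hardened form validates the field and passes it as a single argv element.

```python
import re
import subprocess
from typing import List

# Allowlist for the e-mail field: no shell metacharacters, and no leading '-' so the value
# can never be read as an option by the mail binary (argv alone does not prevent that).
EMAIL_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
SHELL_META = re.compile(r"[;&|`$()<>\n]")

def vulnerable_command(email: str) -> str:
    """Hypothetical reconstruction of the lab's feedback function (not PortSwigger's code):
    the e-mail is concatenated into a shell string that is later started with shell=True,
    fire-and-forget, output discarded. Metacharacters in `email` reach the shell unchanged,
    which is why a DNS lookup is the only way to observe the injected command."""
    return f"mail -s 'Site feedback' -r {email} support@example.invalid"

def safe_argv(email: str) -> List[str]:
    """Hardened form: validate against the allowlist, then build an argv list for shell=False,
    so the value is passed as one argument and is never parsed by a shell."""
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("rejected e-mail address")
    return ["mail", "-s", "Site feedback", "-r", email, "support@example.invalid"]

def send_feedback(email: str, run=subprocess.Popen) -> List[str]:
    """Start the mail command the safe way; `run` is injectable so tests can substitute a stub."""
    argv = safe_argv(email)
    run(argv, shell=False, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return argv

# Constructed sample request log; the second entry carries a command separator in the e-mail field.
SAMPLE_LOG = [
    'POST /feedback 200 email="alice@example.invalid"',
    'POST /feedback 200 email="bob@example.invalid && nslookup OAST-PLACEHOLDER.invalid"',
]

def flag_suspicious(log_lines) -> List[str]:
    """Detection: return e-mail values that contain shell metacharacters. Because the injected
    command changes nothing in the HTTP response, the request log (together with outbound DNS
    from the web tier) is where this attack becomes visible to defenders."""
    hits = []
    for line in log_lines:
        m = re.search(r'email="([^"]*)"', line)
        if m and SHELL_META.search(m.group(1)):
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    print(flag_suspicious(SAMPLE_LOG))
```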