This lab contains a blind OS command injection vulnerability in the feedback function.
The application executes a shell command using user-supplied input, but the output is not shown in the response.
However, you can redirect output to a file using shell operators.
There's a writable folder on the server:
/var/www/images/
The application serves image files from this path, which means we can redirect command output into a file there and then fetch that file from the browser.
Execute the whoami command and retrieve its output via the browser.
Inject into the email field as follows:
email = & whoami > /var/www/images/output.txt &
URL-encode this parameter value (Ctrl+U) and send the request, then browse to the written file to read the output.
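As an added example (not part of the lab or this write-up), the defect behind the lab and its fix side by side in Python: a feedback handler that interpolates the email field into a shell command string, a hardened version that allow-lists the value and passes an argv list with no shell, and two log-review checks for the redirect pattern used above. The notify-admin command path and the feedback handler itself are assumptions; the lab does not name the real command.

```python
import re
import subprocess

# Hypothetical helper the feedback form invokes (placeholder, not the lab's real command).
NOTIFY_CMD = "/usr/local/bin/notify-admin"

# Directory the lab states is writable and served to browsers.
SERVED_DIR = "/var/www/images/"

# Strict allow-list for the email field: no shell metacharacters can pass.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
SHELL_META = re.compile(r"[;&|`$<>\n]")


def vulnerable_command(email: str) -> str:
    """Return the string the vulnerable handler would hand to `sh -c`.

    Building the command by string interpolation is the defect: operators in
    `email` (&, ;, |, >) are parsed by the shell. Returned here, never run.
    """
    return f"{NOTIFY_CMD} --email {email}"


def hardened_argv(email: str) -> list:
    """Validate the field and return an argv list to run without a shell."""
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email address")
    # With a list and the default shell=False, no shell ever parses the value.
    return [NOTIFY_CMD, "--email", email]


def run_hardened(email: str) -> subprocess.CompletedProcess:
    return subprocess.run(hardened_argv(email), check=True, capture_output=True)


def is_accepted(email: str) -> bool:
    """True if the hardened handler would accept the value."""
    try:
        hardened_argv(email)
        return True
    except ValueError:
        return False


def has_shell_metachars(value: str) -> bool:
    """Log-review check: any shell control character in the submitted field."""
    return SHELL_META.search(value) is not None


def redirects_into_served_dir(value: str) -> bool:
    """Log-review check: a shell redirect (>) whose target is under the served directory."""
    return re.search(r">>?\s*" + re.escape(SERVED_DIR), value) is not None
```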