1. Web Security Academy
  2. OS command injection
  3. Lab

Lab: Blind OS command injection with out-of-band interaction

This lab contains a blind OS command injection vulnerability in the feedback function.

The application executes a shell command containing the user-supplied details. The command is executed asynchronously and has no effect on the application's response. It is not possible to redirect output into a location that you can access. However, you can trigger out-of-band interactions with an external domain.

To solve the lab, exploit the blind OS command injection vulnerability to cause a DNS lookup to the public Burp Collaborator server (burpcollaborator.net).


The solution described here is sufficient simply to trigger a DNS lookup and so solve the lab. In a real-world situation, you would use Burp Collaborator client to verify that your payload had indeed triggered a DNS lookup. See the lab on blind OS command injection with out-of-band data exfiltration for an example of this.


Want to track your progress and have a more personalized learning experience? (It's free!)

Sign up Login