Research Academy
My account Customers About Blog Careers Legal Contact Resellers
  1. Web Security Academy
  2. OS command injection
  3. Lab

Lab: Blind OS command injection with time delays

PRACTITIONER

This lab contains a blind OS command injection vulnerability in the feedback function.

The application executes a shell command containing the user-supplied details. The output from the command is not returned in the response.

To solve the lab, exploit the blind OS command injection vulnerability to cause a 10 second delay.

Access the lab

All topics

SQL injection XSS CSRF Clickjacking DOM-based CORS XXE SSRF Request smuggling Command injection Server-side template injection Insecure deserialization Directory traversal Access control Authentication OAuth authentication Business logic vulnerabilities Web cache poisoning HTTP Host header attacks WebSockets Information disclosure File upload vulnerabilities JWT attacks Essential skills Prototype pollution
Try Burp Suite for Free

Find command injection vulnerabilities using Burp Suite

Try for free

Stories from the Daily Swig about OS command injection

Bug Bounty Radar

The latest bug bounty programs for March 2023 28 February 2023 Bug Bounty Radar The latest bug bounty programs for March 2023

RCE bug patched in Apache Kafka

15 February 2023 RCE bug patched in Apache Kafka Possible RCE and denial-of-service issue discovered in Kafka Connect

Deserialized roundup

KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack 10 February 2023 Deserialized roundup KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack

Serious security hole plugged in infosec tool binwalk

03 February 2023 Serious security hole plugged in infosec tool binwalk Path traversals could ‘void reverse engineering efforts and tamper with evidence collected’

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here