Today we start this series on this OWASP vulnerable application, mounted on a physical machine in my network.
The first test requires a command injection exploit, using in my case
I tried the same exploit and nothing, so let's try some different payloads. There was a filter or blacklist for some characters, but you can simply bypass it with %0
For the next I’ve used the following exploit:
%0a id %0a to bypass the protection
The last level, I’ve used
%0Aid%0A to bypass the website
With this we have completed all the levels of command injection in a short time. The test seems easy, but it gives you an idea of the various payloads to use. If you can try several exploits, even better; I haven't had much time, but this test helps if you want to test the vulnerability in a real scenario.
In case you want to try it, go to https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Application and download the Hummingbirds app.
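The reason the newline payloads above get past the filter is that a character blacklist usually covers `;`, `|` and `&` but forgets that the shell also treats a newline (`%0a` after URL decoding) as a command separator. As an added illustration (constructed example, not code from the OWASP app or from the post), here is a hypothetical ping handler showing the weak check beside an allowlist check that never goes through a shell:

```python
import re
import subprocess
from typing import Optional

# Weak check of the kind the post bypassed: it rejects the obvious
# separators but not '\n', which the shell also treats as a separator.
NAIVE_BLACKLIST = set(";|&`$()<>")


def naive_filter_allows(user_input: str) -> bool:
    """Return True if the blacklist would let the input through."""
    return not any(ch in NAIVE_BLACKLIST for ch in user_input)


# Hardened check: allowlist only what a hostname or IPv4 literal may
# contain, and forbid a leading '-' so the value cannot become a flag.
# Used with re.fullmatch, not re.match with '$': '$' matches before a
# trailing newline, which would reintroduce exactly the bug above.
HOST_RE = re.compile(r"(?!-)[A-Za-z0-9.-]{1,253}")


def build_ping_argv(user_input: str) -> Optional[list]:
    """Return an argv list for subprocess (no shell), or None if rejected.

    With list-form argv and shell=False there is no shell to interpret
    newlines, semicolons or pipes; the whole value is one argument.
    """
    if not HOST_RE.fullmatch(user_input):
        return None
    return ["ping", "-c", "1", "--", user_input]


def ping(user_input: str) -> Optional[subprocess.CompletedProcess]:
    """Run ping for a validated host; returns None for rejected input."""
    argv = build_ping_argv(user_input)
    if argv is None:
        return None
    return subprocess.run(argv, capture_output=True, text=True, shell=False)


if __name__ == "__main__":
    # Constructed input: the post's "%0a id %0a" payload after URL decoding.
    decoded_payload = "127.0.0.1\n id \n"
    print("blacklist allows it:", naive_filter_allows(decoded_payload))
    print("allowlist argv:", build_ping_argv(decoded_payload))
```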