Command Injection in DVNA

Exercise - Command Injection - DVNA

Step 1: Click on "A1: Injection" > "Command Injection: Network Connectivity Test"

Step 2: On the "Test System Connectivity" page, enter 8.8.8.8 in the Address field and click Enter. Capture the request that is made using Burp Intercept

Step 4: Send the intercepted request to Burp Repeater(CTRL+R) and navigate to repeater(CTRL+SHIFT+R)

Step 5: In the POST request in Repeater, modify the "address" parameter in POST body to 8.8.8.8;ip addr and forward the request. The OS executes the ping 8.8.8.8 and the ip addr commands and provides the output to the client.

PreviousSQL Injection in DVNA NextA2 - Broken Authentication

Last updated 4 years ago