Overview
![[Screenshot from 2022-12-02 12-37-32.png]]
- Allows an attacker to execute commands on the web server
- Used to compromise other parts of the hosting infrastructure via pivoting
Example Exploit:
-
Website that allows users to view whether and item is in stock: https://insecure-website.com/stockStatus?productID=381&storeID=29 (opens in a new tab)
- Application calls out a shell command with product & store IDs as arguments
stockreport.pl 381 29
- Application calls out a shell command with product & store IDs as arguments
-
Submit the following in the "productID" parameter
stockreport.pl & echo
aiwefwlguh & 29- Useful Commands: ![[Screenshot from 2022-12-02 12-37-18.png]]