Blind OS command injection with time delays
https://portswigger.net/web-security/os-command-injection/lab-blind-time-delays
Level: Practitioner
This time we cannot see the output at first instance.
With Burp Suite try to fuzz every input with the sleep command and different ways to concatenate our commands, to see where we can inject our commands.
Note that the email parameter is injectable.
Set the sleep to 10 seconds to complete the challenge.
Last updated