Java - Command Injection 4 (CMD-4)
Running the app on Docker
Now that the app is running let's go hacking!
Reconnaissance
When we start the application we can see that we can ping an adress.
Let's try to ping 127.0.0.1
We get back the output of the ping command which tell us this might be vulnerable to a command injection.
Exploitation
Let's try chaining commands
We get nothing back, maybe this application has a blacklist
We can see in this piece of code the app is removing certain dangerous characters in an attempt to avoid some kind of command injection. Unfortunately there are ways to bypass this blacklist approach. Let's try piping the commands:
And we have a command injection!
Additional sources
Last updated