-
Book Overview & Buying
-
Table Of Contents
-
Feedback & Rating

Burp Suite Cookbook
By :

Command injection involves an attacker attempting to invoke a system command, normally performed in a terminal session, within an HTTP request instead. Many web applications allow system commands through the UI for troubleshooting purposes. A web penetration tester must test whether the web page allows further commands on the system that should normally be restricted.
For this recipe, you will need the SecLists payload for Unix commands on a Unix- or Linux-based operating system:
https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/UnixAttacks.fuzzdb.txt
Download the SecLists payload from GitHub:
https://github.com/danielmiessler/SecLists
Using the OWASP Mutillidae II DNS Lookup page, let’s determine whether the application is vulnerable to command injection attacks.
Change the font size
Change margin width
Change background colour