This looks like the first example of command injection so far. What happens if we pass a string that, when put in the middle of the "grep -i _____ dictionary.txt" string will cause a completely unintended command to get executed?
For example, what if we send it "hello dictionary.txt; cat /etc/natas_webpass/natas10; grep -i hello"?
The final command that will get executed should be: "grep -i hello dictionary.txt; cat /etc/natas_webpass/natas10; grep -i hello dictionary.txt"
Success!
No comments:
Post a Comment