Bug Bounty Hunting for Web Security by Sanjib Sinha


Author: Sanjib Sinha
Language: eng
Format: epub
ISBN: 9781484253915
Publisher: Apress


echo "<pre>$output1</pre>";
echo "<hr>";
echo "<pre>$output2</pre>";
echo 'directory hacker created successfully';
echo "<hr>";
?>

Again, we will send the raw request to the Repeater tool (Figure 6-10). Clicking on the Repeater tab's “Go” button on the Request section will give us the response. We will see that response shortly, in Figure 6-12.

Figure 6-10. The Burp Suite Repeater tab

In the Response section, the shell-command.php code will only appear after you click the “Go” button in the “Request” section; it is shown along with the header text.

Now, let us look closely at the Request part on the left side of the Repeater tab (Figure 6-11). We will not only change the filename but also add a .jpg extension to it, to trick the server. At the same time, we will have to change the Content-Type to image/jpg (Figure 6-11).

Figure 6-11. The Repeater tab output in Burp Suite
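The filename and the Content-Type edited in Repeater are both request fields under the client's control, so a server that trusts them can be tricked this way. As an added example (not from the book; `check_upload`, the accepted image types and the sample inputs are assumptions made here), this Python check decides from the file's own bytes and assigns the stored name itself:

```python
import secrets

# Leading "magic" bytes of the image types this hypothetical endpoint accepts,
# mapped to the extension the server itself will assign.
MAGIC = {b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png"}
# Extensions that a PHP-enabled web server may hand to an interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}


def sniff_extension(body):
    """Return the extension implied by the file's own bytes, or None."""
    for magic, ext in MAGIC.items():
        if body.startswith(magic):
            return ext
    return None


def check_upload(client_name, client_type, body):
    """Decide on an upload; returns (accepted, reason, stored_name).

    client_name and client_type come straight from the request, so an
    intercepting proxy can set them to anything. They are only reported on,
    never trusted.
    """
    ext = sniff_extension(body)
    if ext is None:
        return False, f"bytes are not an accepted image (client claimed {client_type})", None
    # Every dot-separated part counts: 'x.php.jpg' still contains 'php'.
    parts = client_name.lower().split(".")[1:]
    if SCRIPT_EXTS.intersection(parts):
        return False, "script extension inside client filename", None
    # Server-generated name: nothing from the request reaches the filesystem.
    return True, "ok", secrets.token_hex(16) + ext


# Constructed sample inputs (not taken from the book's figures).
RENAMED_SCRIPT = b"<?php /* placeholder body */ ?>"
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    print(check_upload("shell-command.php.jpg", "image/jpg", RENAMED_SCRIPT))
    print(check_upload("holiday.jpg", "image/jpg", REAL_JPEG))
    print(check_upload("shell-command.php.jpg", "image/jpg", REAL_JPEG))
```

Storing accepted files outside the web root, or in a directory where script execution is disabled, covers the case where a file passes the byte check but still carries embedded script text.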


