![image](https://user-images.githubusercontent.com/79740895/185295923-7a149c9d-8f1e-4262-ae0a-3884514462ac.png)
we are given with functionality to ping device. we give ip or domain to ping.
input: localhost
output:
![image](https://user-images.githubusercontent.com/79740895/185296846-d2795040-d782-4d85-af22-5197875b0f91.png)
This is about command injection so backend must be appending our input ping command.
we can give our arbitrary command to execute with the help of pipe |
,so let’s create a simple payload :
|ls
![image](https://user-images.githubusercontent.com/79740895/185297755-e48d1fc7-cccd-4a81-acf3-3558ffb70366.png)
it works on all low, medium and high.
Happy Hacking