Code Execution :: OS Command Injection #2


Problem Statement

The systemDiagnostics query accepts certain UNIX binaries, such as whoami and ps, as parameters for debugging purposes, so it acts as a restricted shell. It is protected with a username and password. After obtaining the correct credentials, the restricted shell seems to be bypassable by chaining commands together.
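The following is an added example, not code from the original page or from the application it describes. It contrasts a prefix-style allowlist check, which lets a chained command through once the string reaches a shell, with an exact-match check that runs a fixed argv without a shell. The page does not say how the real check is implemented, so the names weak_filter, resolve, run_diagnostic and ALLOWED are hypothetical.

```python
import subprocess

# Assumption: the allowlist holds the two binaries the page names.
# Each entry maps to a fixed argv; the caller never supplies arguments.
ALLOWED = {"whoami": ["whoami"], "ps": ["ps"]}


def weak_filter(cmd: str) -> bool:
    """Hypothetical weak check: only the start of the string is inspected.

    If the service then runs the whole string through a shell
    (subprocess.run(cmd, shell=True)), everything after a separator runs too.
    """
    return any(cmd.strip().startswith(name) for name in ALLOWED)


def resolve(cmd: str) -> list[str]:
    """Hardened check: the whole input must equal one allowlisted name."""
    argv = ALLOWED.get(cmd.strip())
    if argv is None:
        raise ValueError(f"rejected diagnostic command: {cmd!r}")
    return list(argv)


def run_diagnostic(cmd: str) -> str:
    """Run an allowlisted binary as an argv list, with no shell involved."""
    result = subprocess.run(resolve(cmd), shell=False, capture_output=True,
                            text=True, timeout=5, check=False)
    return result.stdout


if __name__ == "__main__":
    # Constructed inputs: one plain command, one with a chained second command.
    for sample in ("whoami", "whoami; echo chained"):
        try:
            verdict = "accepted as " + repr(resolve(sample))
        except ValueError as exc:
            verdict = str(exc)
        print(f"{sample!r}: weak={weak_filter(sample)} hardened={verdict}")
```

Rejected inputs raise ValueError, which gives the service a single place to log attempts that do not match the allowlist.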

Resources
Exploitation Solution