we are given with functionality to ping device. we give ip or domain to ping.
input: localhost
output:
This is about command injection so backend must be appending our input ping command.
we can give our arbitrary command to execute with the help of pipe | ,so let’s create a simple payload :
|ls
it works on all low, medium and high.
Happy Hacking