Anyone could help me? I am stucked at Bypassing Other Blacklisted Characters of command injection.
I tryied a lot of combinations to bypass the input validation using Environment Variables. But none of them brings me the return of the commands, for example: ${SESSION_MANAGER:0:1}${SHELL:7:1}${PATH:0:5}. I tryed that on my terminal, and it works on my local machine.
I need to know how to get the return of this commands on burp sweet, seens they are bypassing the filter once ping returns.
I already tryied other things that are presented on de module like {ls, -la} or \n %0a , again ping runs, but no return of the command execution