OS command injection is a technique used via a web interface in order to execute OS commands on a web server. The user supplies operating system commands through a web interface in order to execute OS commands. Any web interface that is not properly sanitized is subject to this exploit. With the ability to execute OS commands, the user can upload malicious programs or even obtain passwords. OS command injection is preventable when security is emphasized during the design and development of applications.
As you can see this is DNS lookup but, it has OS Command injection vulnerability using which we can execute system command.
More …
For this vulnerability consider a scenario where the blog stores a commend or some sort of text message from the users.
More …
As you can see our current URL is http://192.168.140.138/bWAPP/htmli_current_url.php
More …
In this also we can use the same techniques as we used in Reflected (Get) HTML injection
More …
HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page.
This vulnerability can have many consequences, like disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.
More …