Today Craig Donkin, Lead Consultant, releases a blog on 'Data Exfiltration via Blind OS Command Injection'.
In the post, Craig talks about techniques that could be used on a penetration test or CTF to exfiltrate the contents of a file stored on a server by exploiting blind OS command injection flaws caused by inadequate validation of user-supplied input to a vulnerable application.