RCE by command line argument injection to 'gm convert' in '/edit/process?a=crop'
HackEDU has replicated the vulnerability in Imgur that was found through HackerOne's bug bounty program. Try this lesson to learn more about command injection and how this vulnerability can be exploited to take over a system. You will create a command injection attack to gain remote code execution on a server.
Imger is an image sharing site where you can upload images and crop them. The website is vulnerable to a command injection attack. You will learn how to exploit this vulnerability to gain remote code execution.
Learn about this command injection attack with a callback to collect data from the vulnerable target. HackEDU's lesson will walk you through it step by step, teaching you about the vulnerability and how to leverage a callback to receive output from the system.