My hints for user.
1º There’s one evil function that can be abused.
2º If your reverse shell dies fast, try with a different one. No need to complicate things.
@birb said:
Having some issues with the payload. I tried testing it locally and that works, but even trying just a simple print statement via the post request gives me the error: an unhandled exception occurred. I’ve tried every single escape char I can think of but I still get that error. I’m using a modified python script taken from their repo in order to exploit. Any hints would be appreciated.
You are getting an exception since you are doing something the application didn’t expect.
That doesn’t mean however your payload hasn’t been executed. If you are with a payload already, try to create a reverse shell. That’s the best way to see if your approach is working or not.