How can an attacker exploit the Webmin RCE vulnerability using Burp Suite?
Once the password expiry policy is set to prompt for new passwords and a user has been created with 'Force change at next login', the attacker logs in and captures the password change POST request in Burp Suite. The attacker then modifies the 'old' parameter (e.g., old=123|id) to inject a command, which the server executes. The response includes the command output, confirming RCE. This process is demonstrated in the article "Webmin<=1.920-Unauthenticated_RCE(CVE-2019-15107) Exploitation Test".
Burp Suite, command injection, password change, exploitation