Skip to main content

OS command injection, simple case

1

Let's check the first product's stock.

2

We can intercept this request using the Burp Suite Proxy and forward it to the Repeater to modify it.

3

Now let's set the storeID parameter to the following and send the request:

1|whoami

4

We have solved the lab.

5