OS command injection, simple case

Let's check the first product's stock.

We can intercept this request using the Burp Suite Proxy
and forward it to the Repeater
to modify it.

Now let's set the storeID
parameter to the following and send the request:
1|whoami

We have solved the lab.

Last updated
Was this helpful?