OS command injection, simple case

Let's check the first product's stock.

We can intercept this request using the Burp Suite Proxy and forward it to the Repeater to modify it.

Now let's set the storeID parameter to the following and send the request:

1|whoami

We have solved the lab.

Last updated 9 months ago