LAB 1 - OS command injection, simple case¶
Initial instructions¶
This lab contains an OS command injection vulnerability in the product stock checker.¶
The application executes a shell command containing user-supplied product and store IDs, and returns the raw output from the command in its response.¶
To solve the lab, execute the whoami command to determine the name of the current user.¶
To come across with this command injection we need to go to any product and intercept with Burpsuite the Check stock button.
![![[Pasted image 20250405201206.png]]](../Lab1Images/Pasted%20image%2020250405201206.png)
Once intercepted this is the request.
![![[Pasted image 20250405201257.png]]](../Lab1Images/Pasted%20image%2020250405201257.png)
In the productId we can try to inject the command. I tried several payloads like:
But I realized that it was giving error in the response.
![![[Pasted image 20250405201519.png]]](../Lab1Images/Pasted%20image%2020250405201519.png)
So the payload I used to inject this command injection is the following.
![![[Pasted image 20250405201611.png]]](../Lab1Images/Pasted%20image%2020250405201611.png)
![![[Pasted image 20250405201714.png]]](../Lab1Images/Pasted%20image%2020250405201714.png)