Lab: OS command injection, simple case

PublishedMay 18, 2025

•2 min read

Cybersecurity professional sharing insights on securing ecosystems, exploring cloud tech, and simplifying concepts for pros, enthusiasts, and beginners alike.

Part of seriesPortSwigger SQL injection (SQLi) Labs

Lab Scenario: Our objective is to explore and exploit an OS command injection vulnerability in a web application's stock level check feature. By intercepting and modifying a request, we aim to execute arbitrary commands and observe the response, highlighting the risks associated with such vulnerabilities. Let's embark on this journey using Burp Suite:

Intercepting the Request:
- Use Burp Suite to intercept and modify a request that checks the stock level.
- Identify the parameter susceptible to OS command injection, in this case, the storeID parameter.
Modifying the Parameter:
- Modify the storeID parameter by injecting the value 1|whoami. This payload is designed to execute the whoami command, revealing the name of the current user.
- Observe that the modified request looks like this:
```
  storeID=1|whoami
```
Observing the Response:
- Forward the modified request and observe the response from the server.
- Note that the response contains the name of the current user, demonstrating the successful execution of the injected OS command.

Conclusion: This simple lab exercise provides hands-on experience in exploiting an OS command injection vulnerability. By following this step-by-step guide, users can gain insights into the potential risks associated with command injection and the importance of securing web applications against such exploits. Stay informed, keep learning, and continue exploring the dynamic field of cybersecurity to contribute to a more secure online environment.

Reference:

https://portswigger.net/web-security/os-command-injection/lab-simple

#sqlinjection

9 views

Comments

Join the discussion

No comments yet. Be the first to comment.

PortSwigger SQL injection (SQLi) Labs

Part 11 of 12

Throughout this series, I'll explore the effective utilization of the Burp Suite application from PortSwigger Academy, offering valuable insights into honing reconnaissance and analysis skills.

Up next

Lab: HTTP/2 request splitting via CRLF injection

Our target is to exploit a hypothetical web application, simulating real-world scenarios. To demonstrate HTTP/2 request splitting, we will follow a step-by-step solution provided by the lab: Setup with Burp Suite: Start by sending a request for GET ...

More from this blog

Lab: HTTP/2 request splitting via CRLF injection

Aug 16, 20252 min read8

Lab: Broken brute-force protection, multiple credentials per request

Lab Scenario: Our objective is to understand and exploit a web application's broken brute-force protection, where the login credentials are submitted in JSON format. By manipulating the request to submit multiple credentials, we aim to bypass the pro...

Nov 17, 20242 min read49

Lab: Broken brute-force protection, multiple credentials per request

A quick guide to Getting Started in Cybersecurity

How to Get Started in Cybersecurity Cybersecurity is one of the fastest-growing fields in the tech industry. It offers a wide range of opportunities to protect businesses and individuals from online threats. If you're interested in getting started, h...

Nov 17, 20243 min read16

A quick guide to Getting Started in Cybersecurity

Lab: Exploiting XXE to perform SSRF attacks

Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, ultimately performing SSRF attacks to access sensitive information from a metadata endpoint. By intercepting and manipulating a POST request, we intend to ...

Nov 8, 20242 min read18

Lab: Exploiting XXE to perform SSRF attacks

CyberVisions with Joel O.

61 posts

Azure | Cyber Security | Risk Management

Command Palette

Comments

PortSwigger SQL injection (SQLi) Labs

Lab: HTTP/2 request splitting via CRLF injection

More from this blog