Research Academy
My account Customers About Blog Careers Legal Contact Resellers
  1. Web Security Academy
  2. OS command injection
  3. Lab

Lab: OS command injection, simple case

APPRENTICE

This lab contains an OS command injection vulnerability in the product stock checker.

The application executes a shell command containing user-supplied product and store IDs, and returns the raw output from the command in its response.

To solve the lab, execute the whoami command to determine the name of the current user.

Access the lab

All topics

SQL injection XSS CSRF Clickjacking DOM-based CORS XXE SSRF Request smuggling Command injection Server-side template injection Insecure deserialization Directory traversal Access control Authentication OAuth authentication Business logic vulnerabilities Web cache poisoning HTTP Host header attacks WebSockets Information disclosure File upload vulnerabilities JWT attacks Essential skills Prototype pollution
Try Burp Suite for Free

Find command injection vulnerabilities using Burp Suite

Try for free

Stories from the Daily Swig about OS command injection

Bug Bounty Radar

The latest bug bounty programs for March 2023 28 February 2023 Bug Bounty Radar The latest bug bounty programs for March 2023

RCE bug patched in Apache Kafka

15 February 2023 RCE bug patched in Apache Kafka Possible RCE and denial-of-service issue discovered in Kafka Connect

Deserialized roundup

KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack 10 February 2023 Deserialized roundup KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack

Serious security hole plugged in infosec tool binwalk

03 February 2023 Serious security hole plugged in infosec tool binwalk Path traversals could ‘void reverse engineering efforts and tamper with evidence collected’

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here