OS command injection, simple case
This lab contains an OS command injection vulnerability in the product stock checker. The application executes a shell command containing user-supplied product and store IDs, and returns the raw output from the command in its response.
Reproduction and proof of concept
Use Burp Suite to intercept and modify a request that checks the stock level.
Modify the storeID parameter, giving it the value
Observe that the response contains the name of the current user.
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Connection: close
Content-Length: 13

peter-gmkX5d
An attacker will need to execute the whoami command to determine the name of the current user.
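As an added example (not part of the lab or of PortSwigger's code), the vulnerable command-building pattern from this stock checker beside a hardened version in Python: IDs are allow-list validated and passed as separate argv entries so no shell ever parses them. The stockreport helper name is an assumption; echo stands in for it when the code is run stand-alone.

```python
import re
import subprocess

# Only plain decimal product/store IDs are legitimate input to the stock checker.
ID_RE = re.compile(r"[0-9]{1,10}")


def unsafe_command(product_id: str, store_id: str) -> str:
    """The vulnerable pattern: user input is pasted into one shell string.
    If this string is handed to a shell (e.g. subprocess.run(..., shell=True)),
    metacharacters such as | ; & ` $( inside store_id are interpreted as
    additional commands, which is exactly what the lab exploits.
    Shown for contrast only; it is never executed here."""
    return f"stockreport {product_id} {store_id}"  # 'stockreport' is a hypothetical helper


def validate_id(value, name: str) -> int:
    """Allow-list validation: reject anything that is not a short positive integer."""
    text = str(value)
    if not ID_RE.fullmatch(text):
        raise ValueError(f"invalid {name}: {text!r}")
    return int(text)


def build_argv(product_id, store_id, command=("stockreport",)) -> list:
    """Hardened form: validated IDs become separate argv entries.
    Because no shell is involved, a '|' or ';' in the input can only ever be
    rejected by validate_id, never interpreted as a command separator."""
    return [
        *command,
        str(validate_id(product_id, "productId")),
        str(validate_id(store_id, "storeId")),
    ]


def check_stock(product_id, store_id, command=("stockreport",), timeout=5) -> str:
    """Run the stock helper safely and return its stdout."""
    argv = build_argv(product_id, store_id, command)
    # No shell=True: argv is passed straight to execve-style process creation.
    result = subprocess.run(argv, capture_output=True, text=True, timeout=timeout, check=False)
    return result.stdout


if __name__ == "__main__":
    # Constructed demo: echo stands in for the real helper, so this prints "1 2".
    print(check_stock("1", "2", command=("echo",)))
```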