Portswigger OS Command Injection-Lab 1

Hello everyone , in this post I will be sharing my walk through for Portswigger’s OS Command Injection , which was really an easy lab in which you would have to find a point where you could chain OS commands to gather with parameters being passed to shell.

OS command injection, simple case

From the description of the lab it says that command injection vulnerability exists in product stock checker.

We can visit and product we want to and then find where that stock checker is.

If we click the Check Stock button , it's going to bring back some results

There’s a POST request being sent as we do not see any parameters in URL , so to play around with it let's use brup suite to intercept the request

Send this request to Repeater using CTRL+R so we can try sending the request again and again by modifying it.

Here we can see POST request being made to /product/stock and at the bottom we can see the parameters having the value so these parameters are being passed to a shell and then being executed from there are displaying the resutls so there's a chance that there's isn't input sanitzation we can check by adding ; which is used chain commands to gather

https://owasp.org/www-community/attacks/Command_Injection

We can do bunch of stuff like reading files on the server and doing other cool stuff but for now our goal was to achieve command injection.

BS CS undergraduate | CTF Player