Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Web Security Academy OS Command Injection, Simple Case

SecurityStudent | Last updated: May 08, 2019 07:06AM UTC

I've been trying to do this one (Web Security Academy OS Command Injection, Simple Case) but nothing seems to work. I even used the proposed solution and it didn't work at all so my suspicion is that the challenge is broken.

Liam, PortSwigger Agent | Last updated: May 08, 2019 10:58AM UTC

Thanks for the report. This should be working now.

Burp User | Last updated: Jul 03, 2019 09:07AM UTC

Hello SecurityStudent, have you tried the Lab: Blind OS command injection with output redirection?? If yes, I also tried that one and seems to be broken, the lab is not solved even if you try the solution. Hope they solve it

Liam, PortSwigger Agent | Last updated: Jul 04, 2019 10:21AM UTC

We've tested the solution and it's working for us.

Burp User | Last updated: Nov 19, 2019 04:43PM UTC

I have the same issue in this challenge. :( Web Security Academy OS Command Injection, Simple Case

Ben, PortSwigger Agent | Last updated: Nov 20, 2019 08:18AM UTC

Hi, I have just tested this lab and was able to solve it using the solution provided. Are you having an issue with anything in particular with this lab?

Burp User | Last updated: Dec 22, 2019 01:02PM UTC

Not working for me as well.

Hannah, PortSwigger Agent | Last updated: Dec 31, 2019 11:06AM UTC

I have just tested "Web Security Academy OS Command Injection, Simple Case" again, and completed it with no issues. Is that the one you are having issues with Aditya?

Wolfie | Last updated: Apr 03, 2020 08:38AM UTC

To solve this, Try this: 1. Go to your lab URL, In my case, it's: https://ac6e1fd31ea1ccca8094c6d700d600e8.web-security-academy.net/ 2. Choose London, Paris OR Milan and press "Check Stock" 3. Go into burp and select: https://ac6e1fd31ea1ccca8094c6d700d600e8.web-security-academy.net/product/stock 4. This will now show: productId=2&storeId=2 5. Put in the solution in the solution "1|whoami" in the storeid= Now it's solved...

user | Last updated: May 11, 2020 05:07AM UTC

<span>thnks</span>

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.