Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Web Security Academy OS Command Injection, Simple Case

SecurityStudent | Last updated: May 08, 2019 07:06AM UTC

I've been trying to do this one (Web Security Academy OS Command Injection, Simple Case) but nothing seems to work. I even used the proposed solution and it didn't work at all so my suspicion is that the challenge is broken.

Liam, PortSwigger Agent | Last updated: May 08, 2019 10:58AM UTC

Thanks for the report. This should be working now.

Burp User | Last updated: Jul 03, 2019 09:07AM UTC

Hello SecurityStudent, have you tried the Lab: Blind OS command injection with output redirection?? If yes, I also tried that one and seems to be broken, the lab is not solved even if you try the solution. Hope they solve it

Liam, PortSwigger Agent | Last updated: Jul 04, 2019 10:21AM UTC

We've tested the solution and it's working for us.

Burp User | Last updated: Nov 19, 2019 04:43PM UTC

I have the same issue in this challenge. :( Web Security Academy OS Command Injection, Simple Case

Ben, PortSwigger Agent | Last updated: Nov 20, 2019 08:18AM UTC

Hi, I have just tested this lab and was able to solve it using the solution provided. Are you having an issue with anything in particular with this lab?

Burp User | Last updated: Dec 22, 2019 01:02PM UTC

Not working for me as well.

Hannah, PortSwigger Agent | Last updated: Dec 31, 2019 11:06AM UTC

I have just tested "Web Security Academy OS Command Injection, Simple Case" again, and completed it with no issues. Is that the one you are having issues with Aditya?

Wolfie | Last updated: Apr 03, 2020 08:38AM UTC

To solve this, Try this: 1. Go to your lab URL, In my case, it's: https://ac6e1fd31ea1ccca8094c6d700d600e8.web-security-academy.net/ 2. Choose London, Paris OR Milan and press "Check Stock" 3. Go into burp and select: https://ac6e1fd31ea1ccca8094c6d700d600e8.web-security-academy.net/product/stock 4. This will now show: productId=2&storeId=2 5. Put in the solution in the solution "1|whoami" in the storeid= Now it's solved...

user | Last updated: May 11, 2020 05:07AM UTC