portswigger-all-labs

Complete PortSwigger Web Security Academy Lab Writeups

Detailed, categorized solutions for every lab, from APPRENTICE to EXPERT, covering all 30 vulnerability types.

Labs Covered

This write-up focuses on the following APPRENTICE-level lab from the PortSwigger Web Security Academy:

1. OS command injection, simple case

This lab demonstrates how an attacker can exploit unsanitized user input that is passed directly to system commands, allowing them to execute arbitrary OS commands on the server.
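As an added example (not part of the lab or the original write-up), the Python sketch below puts the vulnerable pattern next to a hardened handler. The `echo` command and `STOCK_SCRIPT` stand in for the server-side stock program, which this page does not show, and the function names are hypothetical.

```python
import re
import subprocess
import sys

# Hypothetical stand-in for the server-side stock program: prints its two arguments.
STOCK_SCRIPT = "import sys; print('units for', sys.argv[1], sys.argv[2])"


def check_stock_vulnerable(product_id: str, store_id: str) -> str:
    """Vulnerable pattern: request parameters pasted into a string a shell parses."""
    cmd = f"echo units for {product_id} {store_id}"
    # shell=True hands the whole string to /bin/sh, so metacharacters in the
    # parameters are interpreted as shell syntax instead of data.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def check_stock_hardened(product_id: str, store_id: str) -> str:
    """Allow-list both IDs, then pass them as argv entries with no shell involved."""
    for name, value in (("productId", product_id), ("storeId", store_id)):
        # fullmatch rejects anything that is not purely digits, including a
        # trailing newline that a '$' anchor would let through.
        if not re.fullmatch(r"[0-9]{1,9}", value):
            raise ValueError(f"{name} must be a decimal integer")
    argv = [sys.executable, "-c", STOCK_SCRIPT, product_id, store_id]
    # A list argv with the default shell=False means no shell ever parses the
    # values; each one reaches the program as a single literal argument.
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    crafted = "1; echo INJECTED"  # constructed storeId containing a shell separator
    print("vulnerable:", check_stock_vulnerable("1", crafted).splitlines())
    print("hardened  :", check_stock_hardened("1", "2").strip())
    try:
        check_stock_hardened("1", crafted)
    except ValueError as exc:
        print("hardened rejects crafted storeId:", exc)
```

Validation and shell-free execution are independent layers: the allow-list stops malformed IDs at the edge, and the argv list keeps any value that does get through from being parsed as shell syntax.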

LAB 1 - OS command injection, simple case

Lab Description :


Overview :


Solution :

The website has a check stock feature.


Intercept the above request and perform an out-of-band interaction through Burp Collaborator.


We can see that we get a response from the Collaborator in Burp.


If we try with productId, we get an error.


Now we try to execute the whoami command through storeId, and the lab is solved.
