1. OS command injection, simple case

The vulnerable website has a command injection vulnerability in the POST /product/stock endpoint.
The storeID parameter lets you inject arbitrary commands by breaking the parsing of the command
string with the ; character.
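
The server-side pattern behind this kind of flaw, next to a hardened form. This is an added example, not code from the lab or from the original write-up; the function names, the `echo` and `LOOKUP` stand-ins for the stock-lookup program, and the sample storeID values are assumptions, and it expects a POSIX shell for the vulnerable half.

```python
import re
import subprocess
import sys

# Hypothetical stand-in for the stock-lookup program behind the endpoint:
# it prints each argument it received on its own line.
LOOKUP = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]

# Constructed sample values for the storeID parameter.
NORMAL = "1"
INJECTED = "1; echo INJECTED"


def stock_vulnerable(store_id: str) -> str:
    """Vulnerable pattern: the parameter is pasted into a string run by a shell."""
    cmd = f"echo stock {store_id}"  # shell builtin echo stands in for the lookup
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def stock_no_shell(store_id: str) -> str:
    """Argument list, no shell: ';' stays ordinary data inside one argument."""
    done = subprocess.run(LOOKUP + [store_id], capture_output=True,
                          text=True, check=True)
    return done.stdout


def stock_hardened(store_id: str) -> str:
    """Allow-list the value first, then call the program without a shell."""
    if not re.fullmatch(r"[0-9]{1,9}", store_id):
        raise ValueError("storeID must be 1-9 ASCII digits")
    return stock_no_shell(store_id)


if __name__ == "__main__":
    print(repr(stock_vulnerable(INJECTED)))  # the shell ran two commands
    print(repr(stock_no_shell(INJECTED)))    # one argument, nothing extra ran
    print(repr(stock_hardened(NORMAL)))      # validated value passes through
```

Input validation and shell-free execution are independent layers: the allow-list rejects the value at the edge, and the argument list keeps `;` from being parsed at all if a check is ever missed.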


Solution