# OS command injection, simple case

## Description

This lab contains an OS command injection vulnerability in the product stock checker.

The application executes a shell command containing user-supplied product and store IDs, and returns the raw output from the command in its response.

To solve the lab, execute the `whoami` command to determine the name of the current user.

## Solution

<figure><img src="/files/OROFdAMHVsLy19J0iaHn" alt=""><figcaption></figcaption></figure>

Every product has a dedicated check function that reports whether the product is available:

<figure><img src="/files/tRK9zp9Bkjcacg52UlwN" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/25B3sSYl2OuttYt3jLGc" alt=""><figcaption></figcaption></figure>

We can try appending a command to the parameter with a shell separator such as `;`, `&` or `|`, for example `;whoami`:

<figure><img src="/files/GPiOmbDTBOA6mLAT9mIa" alt=""><figcaption></figcaption></figure>

The response returns the current system user, `peter-Gu9oqX`, which solves the lab.

<figure><img src="/files/2ahuDRnmqknWWY84Kk80" alt=""><figcaption></figcaption></figure>
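The root cause and its fix, as an added example that is not part of the original writeup or the lab's code: a handler that builds a shell string from the IDs, next to versions that pass an argument list and validate the IDs. `echo` stands in for the real stock-check command, and the function names, the ID pattern and the `INJECTED` marker are assumptions made for illustration.

```python
import re
import subprocess

# Assumption: IDs are short decimal numbers. [0-9] is used instead of
# str.isdigit(), which also accepts non-ASCII digits.
ID_RE = re.compile(r"[0-9]{1,9}")


def check_stock_vulnerable(product_id: str, store_id: str) -> str:
    """The flaw: request values are pasted into one string parsed by /bin/sh."""
    cmd = f"echo stock-for {product_id} {store_id}"  # echo = constructed stand-in
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def check_stock_no_shell(product_id: str, store_id: str) -> str:
    """Argument list, no shell: ';', '&' and '|' reach the program as plain text."""
    argv = ["echo", "stock-for", product_id, store_id]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def check_stock_hardened(product_id: str, store_id: str) -> str:
    """Allow-list validation first, then the shell-free call."""
    for name, value in (("product_id", product_id), ("store_id", store_id)):
        # fullmatch() rejects trailing newlines and any separator characters.
        if not ID_RE.fullmatch(value):
            raise ValueError(f"{name} must be 1-9 ASCII digits")
    return check_stock_no_shell(product_id, store_id)


if __name__ == "__main__":
    # Constructed input mirroring the ';whoami' request, with a harmless marker.
    crafted = "1;echo INJECTED"
    print("vulnerable:", repr(check_stock_vulnerable("1", crafted)))
    print("no shell:  ", repr(check_stock_no_shell("1", crafted)))
    try:
        check_stock_hardened("1", crafted)
    except ValueError as exc:
        print("hardened:   rejected,", exc)
```

In the vulnerable version the marker appears on its own output line, which is the same behaviour that returned the username above; the other two versions never hand the value to a shell.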

