We intercepted the request again using Burp while sending the request and used & whoami in both parameters :
We were able to successfully use Command Injection to use the whoami command, thus solving the lab :
We intercepted the request again using Burp while sending the request and used & whoami in both parameters :
We were able to successfully use Command Injection to use the whoami command, thus solving the lab :