QuickSloth
Bronze III
1 year ago
Solved

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

In the section File Download there is a question on the quiz which asks "What is the value in /etc/flag.txt?"

$> ls /etc

Tells me that there is no file named flag.txt. Am I looking in the wrong place?

  • netcat
    1 year ago

    The value is on the target system in /etc/flag.txt - not on the local system.
    The target system has a vulnerability, maybe to spawn a shell allowing you to download the file, or a vulnerability in the database allowing you to either read and display or to download the file.

10 Replies

  • Like my first two posts, this doesn't appear to be on the forum yet. Not clear if I'm posting to the wrong place, or an admin needs to approve things before they appear.

  • I looked again in /etc and still no file called flag.txt

    Am I confused about assuming that there should be a file /etc/flag.txt?

     

  • KieranRowley
    Community Manager

    Hi QuickSloth, I have taken a look but I can't work out which lab you are referring to. Please can you clarify the lab name?
