Forum Discussion

Bronze III

7 months ago

Solved

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

In the section File Download there is a question on the quiz which asks "What is the value in /etc/flag.txt?" $> ls /etc Tells me that there is no file named flag.txt Am I looking in the wrong pla...

help & support

netcat
6 months ago
The value is on the target system in /etc/flag.txt - not on the local system.
The target system has a vulnerability, maybe to spawn a shell allowing you to download the file, or a vulnerability in the database allowing to either read and display or to download the file.

QuickSloth

Bronze III

7 months ago

Like my first two posts, this doesn't appear to be on the forum yet.? Not clear if I'm posting to the wrong place, or an admin needs to approve things before they appear.

KieranRowley
Community Manager
7 months ago
Hey QuickSloth welcome to our community!

Please post questions in the Help & Support Forum . I will move this post for you. Please take a look at the Get Started guide for more information.

Forum Discussion

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Featured Places

Help & Support Forum

Related Content

Stuck on "SQL Injection (Module 1) : File download"

TLS Fundamentals: Ep.8 – Final Challenge

TLS Fundamentals Ep.8 - Final Challenge

Fundamental AI Algorithms: Decision Trees Script Detection Question 6

Confusion on Cyber Fundamentals Linux CLI ep.16 question 6

Recent Discussions

CVE-2022-26134 (Confluence) – OGNL Injection

Terrapoint (Hats off, Immersive Labs)

Packet Analysis: Demonstrate your skills

ICS Malware: Triton ModuleNotFoundError: No module named 'pefile

Trick or Treat on Specter Street: Ghost of the SOC