Forum Discussion

QuickSloth's avatar
QuickSloth
Icon for Bronze III rankBronze III
30 days ago

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

In the section File Download there is a question on the quiz which asks "What is the value in /etc/flag.txt?" $> ls /etc Tells me that there is no file named flag.txt  Am I looking in the wrong pla...
help & support
KieranRowley's avatar
KieranRowley
Icon for Community Manager rankCommunity Manager
24 days ago

Hi QuickSloth​ I have taken a look but I can't work out which lab you are referring to, please can you clarify the lab name?

  • QuickSloth's avatar
    QuickSloth
    Icon for Bronze III rankBronze III
    24 days ago

    Does this help?

     

    • netcat's avatar
      netcat
      Icon for Silver II rankSilver II
      24 days ago

      The value is on the target system in /etc/flag.txt - not on the local system.
      The target system has a vulnerability, maybe to spawn a shell allowing you to download the file, or a vulnerability in the database allowing to either read and display or to download the file.

      • QuickSloth's avatar
        QuickSloth
        Icon for Bronze III rankBronze III
        24 days ago

        Thanks