Forum Discussion

Bronze III

3 months ago

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

In the section File Download there is a question on the quiz which asks "What is the value in /etc/flag.txt?" $> ls /etc Tells me that there is no file named flag.txt Am I looking in the wrong pla...

help & support

KieranRowley

Community Manager

3 months ago

Hi QuickSloth I have taken a look but I can't work out which lab you are referring to, please can you clarify the lab name?

QuickSloth

Bronze III

3 months ago

Does this help?

netcat
Silver III
3 months ago
The value is on the target system in /etc/flag.txt - not on the local system.
The target system has a vulnerability, maybe to spawn a shell allowing you to download the file, or a vulnerability in the database allowing to either read and display or to download the file.
- QuickSloth
  Bronze III
  3 months ago
  Thanks
- QuickSloth
  Bronze III
  2 months ago
  Still confused.
  I went and worked on the (optional) lab about Unions.
  I get the general idea, but I'm not seeing where / how to do one of those commands in this lab.
  - netcat
    Silver III
    2 months ago
    Did you do the lab "SQL Injection: sqlmap"?
    Similar task, more guided.

Forum Discussion

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Featured Places

Help & Support Forum

Related Content

Stuck on "SQL Injection (Module 1) : File download"

TLS Fundamentals Ep.8 - Final Challenge

Fundamental AI Algorithms: Decision Trees Script Detection Question 6

Confusion on Cyber Fundamentals Linux CLI ep.16 question 6

Re: What tasks do I need to complete to be considered for a job?

Recent Discussions

Foundational Static Analysis: API Analysis step 10

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Snort Rules: Ep.9 – Exploit Kits

Snort Rules: Ep.7 – Lokibot Infection Traffic

Pen Test CTFs: Artica Shipping Company