Forum Discussion

Bronze III

2 months ago

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

In the section File Download there is a question on the quiz which asks "What is the value in /etc/flag.txt?" $> ls /etc Tells me that there is no file named flag.txt Am I looking in the wrong pla...

help & support

QuickSloth

Bronze III

2 months ago

Does this help?

netcat

Silver II

2 months ago

The value is on the target system in /etc/flag.txt - not on the local system.
The target system has a vulnerability, maybe to spawn a shell allowing you to download the file, or a vulnerability in the database allowing to either read and display or to download the file.

QuickSloth
Bronze III
2 months ago
Thanks
QuickSloth
Bronze III
2 months ago
Still confused.
I went and worked on the (optional) lab about Unions.
I get the general idea, but I'm not seeing where / how to do one of those commands in this lab.
- netcat
  Silver II
  2 months ago
  Did you do the lab "SQL Injection: sqlmap"?
  Similar task, more guided.

Forum Discussion

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Featured Places

Help & Support Forum

Related Content

Stuck on "SQL Injection (Module 1) : File download"

TLS Fundamentals Ep.8 - Final Challenge

Confusion on Cyber Fundamentals Linux CLI ep.16 question 6

Fundamental AI Algorithms: Decision Trees Script Detection Question 6

Re: What tasks do I need to complete to be considered for a job?

Recent Discussions

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Threat Research: Dependency Confusion Lab

Fundamental AI Algorithms: Decision Trees Script Detection Question 6

Active Directory Basics: Demonstrate Your Skills

Introduction to Detection Engineering: Ep.3 – Parent Processes - Kibana says no