Forum Discussion

Bronze III

4 months ago

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

In the section File Download there is a question on the quiz which asks "What is the value in /etc/flag.txt?" $> ls /etc Tells me that there is no file named flag.txt Am I looking in the wrong pla...

help & support

QuickSloth

Bronze III

3 months ago

Does this help?

netcat

Silver III

3 months ago

The value is on the target system in /etc/flag.txt - not on the local system.
The target system has a vulnerability, maybe to spawn a shell allowing you to download the file, or a vulnerability in the database allowing to either read and display or to download the file.

Forum Discussion

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Featured Places

Help & Support Forum

Related Content

Stuck on "SQL Injection (Module 1) : File download"

TLS Fundamentals Ep.8 - Final Challenge

Fundamental AI Algorithms: Decision Trees Script Detection Question 6

Confusion on Cyber Fundamentals Linux CLI ep.16 question 6

Re: What tasks do I need to complete to be considered for a job?

Recent Discussions

Windows Exploitation: Bypassing AppLocker Allowed Paths

Hack Your First Web App: Ep.6 - Hydra

Kusto Query Language: Ep.9 – Parsing Complex Data Types.

Haunted Hollow 2023: Haywire Host

"You are not licensed to view this lab"