Forum Discussion

Bronze III

30 days ago

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

In the section File Download there is a question on the quiz which asks "What is the value in /etc/flag.txt?" $> ls /etc Tells me that there is no file named flag.txt Am I looking in the wrong pla...

help & support

QuickSloth

Bronze III

24 days ago

Does this help?

netcat

Silver II

24 days ago

The value is on the target system in /etc/flag.txt - not on the local system.
The target system has a vulnerability, maybe to spawn a shell allowing you to download the file, or a vulnerability in the database allowing to either read and display or to download the file.

QuickSloth
Bronze III
24 days ago
Thanks
QuickSloth
Bronze III
9 days ago
Still confused.
I went and worked on the (optional) lab about Unions.
I get the general idea, but I'm not seeing where / how to do one of those commands in this lab.
- netcat
  Silver II
  6 days ago
  Did you do the lab "SQL Injection: sqlmap"?
  Similar task, more guided.

Forum Discussion

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Featured Places

Help & Support Forum

Related Content

TLS Fundamentals Ep.8 - Final Challenge

Stuck on "SQL Injection (Module 1) : File download"

Confusion on Cyber Fundamentals Linux CLI ep.16 question 6

Re: What tasks do I need to complete to be considered for a job?

Re: Number of labs?

Recent Discussions

Secure Testing: SQL Injection

Microsoft Defender for Cloud: Setup, CSPM, and Compliance

Web App Hacking (Lab series): CVE-2022-2143 (iView2)

Incident Response and Forensics for EC2: Preparation

World Cup Special - Immersive Squad