QuickSloth
3 months ago

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

In the section File Download there is a question on the quiz which asks "What is the value in /etc/flag.txt?"

$> ls /etc

Tells me that there is no file named flag.txt. Am I looking in the wrong place?

10 Replies

      • netcat

        The value is on the target system in /etc/flag.txt - not on the local system.
        The target system has a vulnerability, maybe to spawn a shell allowing you to download the file, or a vulnerability in the database allowing you to either read and display or download the file.

  • I looked again in /etc and still no file called flag.txt

    Am I confused about assuming that there should be a file /etc/flag.txt?

  • Like my first two posts, this doesn't appear to be on the forum yet. Not clear if I'm posting to the wrong place, or an admin needs to approve things before they appear.