Akshay
15 days agoBronze I
OWASP 2017 Java: Underprotected APIs
I am stuck on the "OWASP 2017 Java: Underprotected APIs" challenge.
- I have tried accessing "<Target URL>/FileDownloadServlet?path=/etc/&file=flag.txt," for which I received the error message "HACKING DETECTED! Your activity has been logged, and authorities have been informed."
- I created a user with admin privileges and used its session to access the above-mentioned URL, but that also didn't work.
Hey Akshay ππ»,
Welcome to the Human Connection π
I've just had a look at the information on our internal lab page, and it does look like you are searching for the right endpoint here (/FileDownloadServlet).
You will need to use the directory traversal to include the flag from /etc/flag.txt /FileDownloadServlet?file=flag.txt&path=/var/lib/tomcat9/../../../../etc
I'm hoping that this will help, but just in case you have any further problems solving this, I'll tag in my colleague NyePrior to see if they have any other guidance to help ππ»
Let us know how you get on with your attempt!
Kindest regards,
Chris