Forum Discussion
Bronze IWorld Cup Special - Immersive Squad
need help with this lab ,
i have bypassed the cookie to login as croatia manger , even double encoded ../ to get path traversal payload.
still i am getting empty roster as output, (see image attached).
so please help here ?
Hi sargentv You're on the right lines, but try looking in other directories than just the parent directory (aka ..). You may also find absolute paths useful
4 Replies
- netcat
Silver III
Depending on the cookie and query string, there are different outcomes (You are...). Do a few different combinations, write the results down, and think about it.
If you still can't find the solution, write them here for discussion.
IncognitoBroI am racking my brain trying to figure this lab out. No matter what I try I keep getting blank team lists. I have tried double encoding and everything.
Any chance of some more guidance?**EDIT - Got it. Actually, annoyed how simple that was with another quick Google search on common areas for files to be hosted 🙃
IotS2024Bronze III
this is a little bit odd. try not a relative, maybe try an absolute path :)
Hi sargentv You're on the right lines, but try looking in other directories than just the parent directory (aka ..). You may also find absolute paths useful
