OWASP 2017 Java: Underprotected APIs
I am stuck on the "OWASP 2017 Java: Underprotected APIs" challenge. I have tried accessing "<Target URL>/FileDownloadServlet?path=/etc/&file=flag.txt," for which I received the error message "HACKING DETECTED! Your activity has been logged, and authorities have been informed." I created a user with admin privileges and used its session to access the above-mentioned URL, but that also didn't work.Solved30Views2likes1Comment