Newsletter

Challenge Information

  • Category: Web Security

  • Level: easy

  • Points: 50

Description

The administrator put the backup file in the same root folder as the application. Help us download this backup by retrieving the backup file name.

Solution

After accessing the lab, we open it.

lab

Now type any valid email, intercept the request in Burp, send it to Repeater, and insert the payload (you can search for one). I will use email ; ls || as the payload. The semicolon (;) ends the statement (a line or a block of code, whatever it is) so that our commands can start, and the (||) lets the code know to start from (ls) and ignore the dummy mail at the beginning. After typing it, send the request.

request

Now send it.

flag

Done 🎉
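Why a payload of this shape works, and how the email field should be handled instead, shown as an added example that is not part of the original write-up or the challenge's code. The server-side handler, the echo ... >> subscribers.txt command line and all file names are assumptions, since the write-up does not show the server side.

```python
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed input modelled on the payload used in the write-up.
PAYLOAD = "user@example.com ; ls ||"
# Conservative allow-list: one address, no whitespace or shell metacharacters.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def subscribe_vulnerable(email: str, workdir: str) -> str:
    """Hypothetical handler: interpolates the field into a shell command line."""
    # With PAYLOAD the shell sees: echo user@example.com ; ls || >> subscribers.txt
    # ';' ends the echo, 'ls' runs, and '||' only runs the rest if 'ls' fails.
    cmd = f"echo {email} >> subscribers.txt"
    done = subprocess.run(cmd, shell=True, cwd=workdir,
                          capture_output=True, text=True)
    return done.stdout


def subscribe_hardened(email: str, workdir: str) -> str:
    """Validate first, then pass the value as one argv element with no shell."""
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email address")
    helper = "import sys; open('subscribers.txt', 'a').write(sys.argv[1] + '\\n')"
    subprocess.run([sys.executable, "-c", helper, email], cwd=workdir, check=True)
    return Path(workdir, "subscribers.txt").read_text()


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "backup_CONSTRUCTED.zip").touch()  # stand-in for the backup file
        leaked = subscribe_vulnerable(PAYLOAD, tmp)
        try:
            subscribe_hardened(PAYLOAD, tmp)
            rejected = False
        except ValueError:
            rejected = True
        stored = subscribe_hardened("user@example.com", tmp)
    return {"leaked": leaked, "rejected": rejected, "stored": stored}


if __name__ == "__main__":
    print(demo())
```

The validation and the shell-free call are independent layers: even if the pattern were loosened, a value passed as a single argv element is never parsed as shell syntax.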

