Newsletter
Challenge Information
Category: Web Security
Level: easy
Points: 50
Description
The administrator put the backup file in the same root folder as the application. Help us download this backup by retrieving the backup file name.
Solution
After accessing the lab, we open it.

Now type any valid email, intercept the request in Burp, and send it to Repeater. Then put in the payload (you can search for one); I will use: email ; ls ||
The semicolon (;) ends the statement (the line or block of code) so that our commands can start, and the (||) lets the code know to start from (ls) and ignore the dummy mail at the beginning. After typing the payload, send the request.

Now send it.

Done 🎉
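Why the payload above splits into separate commands, and how the same input is handled safely, shown as an added example that is not part of the original writeup. It assumes the backend pastes the email into a shell command line; the `subscribe` program, its flags and the sample address are hypothetical.

```python
import re
import shlex

# Assumed backend behaviour (not shown on the page): the email is pasted
# into a shell command line. "subscribe" is a hypothetical program name.
TEMPLATE = "subscribe --email {email} --list news"

OPERATORS = {";", "||", "&&", "|", "&"}
# Conservative allow-list; rejects spaces and shell metacharacters.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def shell_view(email):
    """Return the separate commands a shell would see in the unsafe string."""
    lexer = shlex.shlex(TEMPLATE.format(email=email), posix=True,
                        punctuation_chars=True)
    lexer.whitespace_split = True   # keep user@example.com as one token
    lexer.commenters = ""           # do not treat '#' as a comment start
    commands, current = [], []
    for token in lexer:
        if token in OPERATORS:      # a control operator ends the command
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return commands


def safe_argv(email):
    """Validate the address, then build an argv list for subprocess.run()
    without shell=True, so the value stays a single argument."""
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("rejected email value")
    return ["subscribe", "--email", email, "--list", "news"]


if __name__ == "__main__":
    payload = "user@example.com ; ls ||"  # constructed from the page's payload
    for command in shell_view(payload):
        print(command)
    print(safe_argv("user@example.com"))
```

With the payload, the shell sees three commands instead of one: the intended program, then `ls` on its own, then the leftover arguments, which run only if `ls` fails. The validated argv form never reaches a shell, so `;` and `||` have no special meaning.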
