WM02

About The Challenge

Type

Difficulty

Web

Medium

Solution

This challenge was easy but it was having a small trick.

Their was a command injection on the text box input. By typing the following command we can run any system command on the server, but first we have to start with Simi-column ; or pip | commands or any closing command then run the command that we want to execute on the server.

| ls -la

As above figure shows that the flag was hidden in the file .flag.txt and that is the small trick of the challenge. We can show the hidden files and directories using the flag -a with ls command.

Finally we got the flag by printing the value of .flag.txt

Flag is: cmDInjECTIoN-NoFoRAnEP0CH918

PreviousWM01 NextWH01

Last updated 4 years ago

Was this helpful?