# WM02

## **About The Challenge**

| Type | Difficulty |
| ---- | ---------- |
| Web  | Medium     |

## Solution

![](https://3440279504-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MM4TVxXO_3L3IYJHc1e%2F-MO7Smk3Gpwzf28yTyfG%2F-MO7Tmtm9Kr6HiVfDBwZ%2FCapture.PNG?alt=media\&token=9878f8f1-2ec4-45ca-b685-005d6ee09158)

This challenge was easy, but it had a small trick.

There was a command injection in the text box input: whatever is typed there is spliced into a shell command on the server. To run our own command we first have to terminate the intended one with a shell separator such as a semicolon `;` or a pipe `|` (other metacharacters like `&&` or a newline work the same way), then append the command we want the server to execute. For example:

```
| ls -la 
```

![](https://3440279504-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MM4TVxXO_3L3IYJHc1e%2F-MO7Smk3Gpwzf28yTyfG%2F-MO7UATMv907d0YY2-v6%2FScreenshot_2020-11-13_14-21-47.png?alt=media\&token=e606b014-14f9-4607-87fb-fd9643fd51dc)

As the figure above shows, the flag was hidden in the file `.flag.txt`, and that is the small trick of the challenge: a plain `ls` does not list names starting with a dot, so hidden files and directories only show up when `ls` is given the `-a` flag.

![](https://3440279504-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MM4TVxXO_3L3IYJHc1e%2F-MO7Smk3Gpwzf28yTyfG%2F-MO7WExQgteAgTDq2-wO%2FScreenshot_2020-11-13_14-22-12.png?alt=media\&token=fc5502a6-d496-44c9-88b3-3bf016f3d5c6)

Finally we got the flag by printing the contents of `.flag.txt` through the same injection.
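As an added example that is not part of the original write-up (the challenge's server code was never shown), here is a hypothetical Python backend that reproduces the bug described above, the argv-based fix, an allowlist check, and a small parser that pulls the dotfiles out of `ls -la` output, which is the hidden-file trick from the previous step. The `echo`/`printf` commands, the `ALLOWED` pattern and the `SAMPLE_LISTING` text are all assumptions constructed for this demo.

```python
import re
import subprocess

# Assumed allowlist for what the text box may legitimately contain
# (hypothetical; the real challenge never validated its input).
ALLOWED = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Constructed `ls -la` output resembling the challenge screenshot; not a capture.
SAMPLE_LISTING = """total 16
drwxr-xr-x 2 www-data www-data 4096 Nov 13 14:21 .
drwxr-xr-x 5 root     root     4096 Nov 13 14:20 ..
-rw-r--r-- 1 www-data www-data   31 Nov 13 14:21 .flag.txt
-rw-r--r-- 1 www-data www-data  812 Nov 13 14:21 index.php
"""


def vulnerable_lookup(user_input: str) -> str:
    """Hypothetical WM02-style backend: the text box value is concatenated
    into a shell command string, so `;`, `|`, `&&`, `$(...)`, backticks or a
    newline end the intended command and start the attacker's."""
    cmd = "echo " + user_input          # assumed backend command
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_lookup(user_input: str) -> str:
    """Same feature without a shell: an argv list with a fixed format string.
    Shell metacharacters arrive as one literal argument. printf's fixed "%s"
    format also stops a leading `-n`/`-e` from being parsed as an option,
    which ["echo", user_input] would not."""
    return subprocess.run(["printf", "%s\n", user_input],
                          capture_output=True, text=True).stdout


def is_allowed(user_input: str) -> bool:
    """Defense in depth: accept only the characters the feature needs.
    Everything the write-up relies on (`;`, `|`, spaces) is rejected."""
    return ALLOWED.fullmatch(user_input) is not None


def hidden_entries(ls_la_output: str) -> list[str]:
    """Names in `ls -la` output that `ls` without `-a` would hide.
    Skips the "total N" line and the `.`/`..` entries."""
    names = []
    for line in ls_la_output.splitlines():
        parts = line.split(None, 8)     # perms links user group size mon day time name
        if len(parts) < 9:
            continue
        name = parts[8]
        if name.startswith(".") and name not in (".", ".."):
            names.append(name)
    return names


if __name__ == "__main__":
    # The payload from the write-up, against the vulnerable builder
    listing = vulnerable_lookup("| ls -la")
    print("dotfiles a plain `ls` would hide:", hidden_entries(listing))
    print("hardened form returns the payload literally:",
          repr(hardened_lookup("| ls -la")))
    print("allowlist verdict for the payload:", is_allowed("| ls -la"))
```

Running it shells out the page's `| ls -la` payload against the vulnerable builder and lists whatever dotfiles are in the working directory, while the hardened form returns the payload as a literal line. The allowlist is a second layer, not a replacement for dropping `shell=True`: the argv form is what removes the injection.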

**Flag is:** cmDInjECTIoN-NoFoRAnEP0CH918
