SQL INJECTION FUNDAMENTALS - Writing webshell

Is any can help out to give me direction? I really don't get it on the question "Find the flag by using a Webshell." even with Hints, I barely not knowing it.
Please help out to give me direction.

Comments

  • Spoiler Removed

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • hmm spoiler removed.

  • Yeah - I dont know why it was flagged as a spoiler.

    I haven't looked at this box, so I don't see how anything I suggest would spoil it for people.

    Basically from what you've put it looks like the path would be to upload a webshell, or exploit one already there, then use the file system commands to find the thing you are looking for.

    I was under the impression that the Academy was to provide more structured learning and guidance than the main boxes. I appear to have been mistaken.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • my 2 cents, may be by this time you might already be an expert Bibichan, but for future noobs like me, the task is asking us to upload a program via the sql file; so we write a php program onto the box, and call it via the url. the name in between the [] is a variable, that you can reference in the url. for example $_REQUEST[0], you can replace this with anything and pass into the URL. so your url would become, xyz.com/0=id, and it will be executed.

Sign In to comment.