SQL INJECTION FUNDAMENTALS - Writing webshell

Is any can help out to give me direction? I really don’t get it on the question “Find the flag by using a Webshell.” even with Hints, I barely not knowing it.
Please help out to give me direction.

Spoiler Removed

hmm spoiler removed.

Yeah - I dont know why it was flagged as a spoiler.

I haven’t looked at this box, so I don’t see how anything I suggest would spoil it for people.

Basically from what you’ve put it looks like the path would be to upload a webshell, or exploit one already there, then use the file system commands to find the thing you are looking for.

I was under the impression that the Academy was to provide more structured learning and guidance than the main boxes. I appear to have been mistaken.

my 2 cents, may be by this time you might already be an expert Bibichan, but for future noobs like me, the task is asking us to upload a program via the sql file; so we write a php program onto the box, and call it via the url. the name in between the is a variable, that you can reference in the url. for example $_REQUEST[0], you can replace this with anything and pass into the URL. so your url would become, .xyz Domain Names | Join Generation XYZ, and it will be executed.

1 Like

march 9… is a long time ago but just follow the module und think hard about in which directory you “output” the webshell and what the hint says…

hopefully that will do the trick :wink:
best of Luck
Porta

Thanks, I didn’t realize this was being used as a variable!