Level 6 - Level 7
This the page had two links, Home and About
On checking these links found nothing.
But both of the above mentioned pages were fetched using the URL Query Parameter page
.
And on the index page http://natas7.natas.labs.overthewire.org/, there was a hint in the source code of the page, which stated that the password for webuser natas8
is in /etc/natas_webpass/natas8
.
The URL parameter and the hint triggered me about the LFI vulnerability. On testing whether the paramter is vulnerable to LFI by entering the password file location /etc/natas_webpass/natas8
to the page
URL parameter [ http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8 ], resulted with the contents of the password file.
Last updated