I am stuck on this part of the module.
I am trying to find /.flag.txt but first im just try to use basic exploits to make sure i know what i’m doing…
My payload is:
`?xml version=“1.0” standalone=“yes”?>
but all i get is a blank white screen once i upload and view the file.
I have also tried /flag.txt and /etc/hostname.
and the payload is from: PayloadsAllTheThings/README.md at master · swisskyrepo/PayloadsAllTheThings · GitHub
Edit: I figured i should add that i use the inspect tool to see if its displayed in the code on the page at all…Should i be extracting the source code via php filtering in order to view the output? seems like it would show on the page displayed in place of an image as images display fine.
UPDATE: I was able to get the flag by refreshing the home page. I was navigating to / “upload_directory”/ before and it didn’t show there for some reason.