Fellow Hackers,
I ran a wordpress plugin backup exploit and I had to set a FILEPATH variable to ‘/flag.txt’ to obtain the flag. By default the path says ‘/etc/passwd’.
What I am trying to understand here is what does this path actually mean in terms of directory. I am guessing there is a flag.txt file at the root of the wordpress that is running on the apache server?
I attempted to run the exploit with the default FILEPATH and my output file ended up looking like this. I reckon it pulled a the ‘passwd’ file from the ‘etc’ directory on the apache webserver?