TryHackMe Lo-Fi Walkthrough

Room Link: Lo-Fi

NMAP Scan:

Gobuster Scan:

let’s visit the web page and find the vulnerability.

So as a hint it is given that we have LFI in this room. but where?

http://10.48.130.32/?page=relax.php

OR

http://10.48.130.32/?search=

this returns the same page.

we got it.

../../../../flag.txt