Labs / Corporate Breach 2
- Daily Challenge
- Released 09 Jul 2025
The lab needs to be started first.
Step 1: Click on the green button to Start the Lab
Step 2: Hack the URL or IP of the lab
Step 3: Use your skills and logic to find the flags!
Need help to start?
Daily Challenge
Corporate Breach 2 - Solution Walkthrough
Step 1: Reconnaissance
- Access the corporate website at
- Explore the navigation and observe the URL structure
- Notice the
pageparameter in URLs like?page=about
Step 2: Understanding the Vulnerability
- The application uses
include $page . '.php' - This means
?page=aboutbecomesinclude 'about.php' - Try accessing
?page=admin/index - This becomes
include 'admin/index.php'
Step 3: Exploiting the LFI
- Navigate to
?page=admin/index - This will include the admin panel file
- The admin panel will display the flag
Step 4: The Flag
- The flag is displayed in the admin panel:
6a702640-7e26-47fb-ab55-93475c2d6040 - Submit this as your answer
Technical Details
- This demonstrates a more subtle LFI vulnerability
- The automatic .php extension can be exploited to access files in subdirectories
- No directory traversal needed - just path manipulation
- Shows the importance of proper file inclusion validation