Well, in this inspection I understand that there are two users on the system (and no one isfergus):hugoandshaun. The flag is under thehugoaccount. It's strange that I cannot launch the commandwhoami(I'll understand after why), anyway I have no access to the flag, probably I'm the ...
2) Improper Access Control in OpenDocMan: CVE-2014-1946 The vulnerability exists due to insufficient validation of allowed action in "/signup.php" script when updating user’s profile. A remote authenticated attacker can assign administrative privileges to the current account and gain complete control...