# [EN] Blank Site 1 ###### tags: `Writeup` `Web` `English` > [name=Curious] ## Train Of Thought & Solution Upon entering the challenge, it was noticed that there was an image. Upon closer inspection, it was observed that this image was loaded from `/uploads?file=BlankSite.png`. It was hypothesized that it might be possible to exploit the `file` parameter to read files from the server. If an arbitrary filename is inputted  It can be observed that the server returns an error message. Within the error message, the presence of the `/app/app.py` file is visible. By using `../../../../app/app.py`, it is possible to download this file and obtain the flag. {%hackmd M1bgOPoiQbmM0JRHWaYA1g %}