Velocity

Dojo #28

Temple - DOJO #28 (Until 13/11/2023)

How to submit your report

  1. Visit the DOJO program at https://yeswehack.com/programs/dojo
  2. Click on submit report
  3. Log in or create your account
  4. Submit your report

Description

This time we try to keep the challenge more beginner friendly! Let's be creative, bypass some filters and get a remote code execution (RCE), shall we?

Hint

~ A real hacker knows how to use Google properly

- - help

- -help-Regex

GOAL

BRUTE FORCE IS NOT ALLOWED! Please, do not execute unnecessary system commands on the test system.

A valid solution for the challenge must meet these requirements:

  • Perform a successful Server-Side Template Injection (SSTI) that can execute system commands on the system.

  • Your report MUST include a proof of concept (POC) showing that your payload can execute a system command. Some good commands to use as a POC are the following: id, whoami, ls /, uname -a, groups

~ It is always useful to include an image of the result your payload provided
