Node.js

Dojo #8

by YesWeHack
drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

YOU CSHALL NOT PASS - DOJO #8

Chall

EvilCorp2.0 has a script to check the current state of an internal service. They want to make sure that this script, with all its security, cannot be used to retrieve the secret path..

If you find a way to get the secret using this script, let us know!

Goal

Find a way to bypass all security mechanisms to retrieve the /secret.

BRUTEFORCE IS NOT ALLOWED

Hints

Hint #1
expand_more

Hint #1

You can find the secret on localhost port 5000 and path /secret

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result