Freemarker

Find the secret variable

by YesWeHack

drag_indicator

info

drag_indicator

inputs

drag_indicator

inspect

A secret variable has been introduced in the template, it can be used anywhere in the template.

Goal: Print secret variable

Hints

Hint #1

expand_more

Custom variables inserted into the template are stored in a special variable called .dataModel.

Hint #2

expand_more

You can use .dataModel?keys to get the list of array keys.

Solution

Read the solution

expand_more

The solution was to find the ?keys feature of Freemarker which allows to get the keys of the .dataModel array.

You could then list them by hand by doing .dataModel?keys[0] or by using Freemarker's lists feature: <#list .dataModel?keys as k>${k}, </#list> .

Then it was enough to find the key this 1s s3cr3t and display it: ${.dataModel["this 1s s3cr3t"]} which gave: "Hello 0f51779f2b93d3b0e290237091f35a21!"

drag_indicator

waf

INPUT

OUTPUT

drag_indicator

code

drag_indicator

result