Temple - DOJO #28 (Until 13/11/2023)

How to submit your report

1. Visit the DOJO program at https://yeswehack.com/programs/dojo
2. Click on submit report
3. Login or create your account
4. Submit your report

---

Description

This time we try to keep the challenge more beginner friendly! Let's be creative, bypass some filters and get a remote code execution (RCE), shall we?

Hint

~ A real hacker knows how to use Google properly

- - help

- -help-Regex

GOAL

BRUTE FORCE IS NOT ALLOWED! Please, do not execute unnecessary system commands on the test system.

A valid solution for the challenge must meet these requirements:

• Preform a successful Server-Side Template Injection (SSTI) that can execute system commands on the system.

• Your report MUST include a proof of concept (POC) showing that your payload can execute a system command. Some good commands to use as a POC are the following: id, whoami, ls /, uname -a, groups

~ It is always useful to include an image of the result your payload provided