retro-serve
SRC: https://library.m0unt41n.ch/challenges/retro-server

This chall's service allows execution of a list of commands... the way its check works is kinda flawed tho: it only checks whether one of the allowed commands is contained somewhere within the submitted command... so if we craft a malicious command that includes an allowed command and chain them with ; we are free to RCE.
JavaScript:
    const containsAllowed = allowed.some(allowedCmd => cmd.includes(allowedCmd));
    if (!containsAllowed) {
        return res.render('healthcheck', { output: 'Invalid command! Must contain one of: ' + allowed.join(', ') });
    }
So instead of a fancy script or curl I'll just inspect element the value of the select option lulz. Like this I even get a visually pleasing result.
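For the fix side: the substring check from above next to a stricter lookup, as an added example (not the challenge's code). The `ALLOWED` table, its keys and the `runHealthcheck` helper are assumptions, since the writeup doesn't show the real command list or how the command gets executed.

```javascript
// Added example. ALLOWED and its entries are constructed, not from the challenge.
// The select value is only a key; the real program and argv live server-side.
const ALLOWED = {
  uptime: { file: 'uptime', args: [] },
  disk: { file: 'df', args: ['-h'] },
  date: { file: 'date', args: [] },
};

// The flawed check: true whenever any allowed string appears anywhere
// inside the submitted value, so extra text around it is accepted too.
function containsAllowed(cmd, allowed) {
  return allowed.some(allowedCmd => cmd.includes(allowedCmd));
}

// Hardened check: exact key lookup. hasOwnProperty keeps inherited names
// such as "constructor" from being treated as valid keys.
function resolveCommand(choice) {
  if (typeof choice !== 'string') return null;
  return Object.prototype.hasOwnProperty.call(ALLOWED, choice) ? ALLOWED[choice] : null;
}

// Runs the resolved command with execFile, which spawns no shell,
// so ; | && in any argument are never interpreted.
async function runHealthcheck(choice) {
  const spec = resolveCommand(choice);
  if (!spec) return { ok: false, output: 'Invalid command!' };
  const { execFile } = await import('node:child_process');
  return new Promise(resolve => {
    execFile(spec.file, spec.args, { timeout: 5000 }, (err, stdout) => {
      resolve({ ok: !err, output: err ? 'Command failed' : stdout });
    });
  });
}

// Constructed inputs: an untouched select value and one edited in dev tools.
for (const s of ['uptime', 'uptime; id']) {
  console.log(JSON.stringify(s),
    '| substring check:', containsAllowed(s, ['uptime', 'df -h', 'date']),
    '| table lookup:', resolveCommand(s) !== null);
}
```

The select element in the page is not a control of any kind; whatever the browser sends has to be checked again on the server, which is what `resolveCommand` does.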