Beginner-friendly command injection.
The only safeguard is a client-side HTML pattern attribute, which prevents you from properly escaping the command literals.
So we can just delete the pattern attribute (or send a request manually), escape the shown base command and print out the flag in /opt/flag.txt:
'; cat /opt/flag.txt > output.txt; #
The hashtag is required due to the last '
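Added example (not part of the original post and not the challenge's code): the quoted-string construction described above next to a hardened form that validates on the server and never hands the value to a shell. The command name `lookup`, the allowlist and all function names are assumptions, since the post does not show the base command or the server language.

```python
import re
import shlex

# Assumption: the post does not show the base command; "lookup" is a stand-in.
BASE_CMD = "lookup"
# Assumed allowlist, enforced on the server (the form's pattern attribute is
# advisory only). No leading "-", so the value cannot be read as an option.
ALLOWED = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")
# Input quoted from the post, used here as a regression test case.
PAYLOAD = "'; cat /opt/flag.txt > output.txt; #"


def vulnerable_command(value: str) -> str:
    """Before: the value is pasted between single quotes for a shell to parse."""
    return f"{BASE_CMD} '{value}'"


def shell_commands(cmdline: str) -> list[list[str]]:
    """Tokenize like a POSIX shell (without running anything), one list per command."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token in (";", "&", "&&", "|", "||"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def safe_argv(value: str) -> list[str]:
    """After: validate server-side, then build an argv list that no shell parses."""
    if not ALLOWED.fullmatch(value):
        raise ValueError("input rejected by server-side allowlist")
    return [BASE_CMD, value]  # for subprocess.run(argv, shell=False)


if __name__ == "__main__":
    print(shell_commands(vulnerable_command("example.com")))
    print(shell_commands(vulnerable_command(PAYLOAD)))
    print(safe_argv("example.com"))
```

With the post's input the string form parses as two commands instead of one, while `safe_argv` rejects it before any process is started.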