Outline 1 (Web exploitation)

Challenge: Outline 1

Upon connecting to the server, we are greeted with this login page.

I decided to register an account with username "r" and password "r" and logged into the account, which led me to this page.

Tested for an SSTI vulnerability with the {{7*7}} payload.

This was the result from the payload {{7*7}}

Replaced the payload with {{config}}.

Looking at 'SECRET_KEY', the flag is given there :)!

LNC2022{s1mpl3_fl4sk_s3rv3r_s1d3_t3mpl4t3_1nj3c10n}
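Added example, not part of the original writeup or the challenge's code: the server source is not shown, so this assumes the usual root cause of Flask SSTI, user input concatenated into the string handed to render_template_string. The constructed SAMPLE_APP holds a hypothetical vulnerable view beside its fixed form, and find_dynamic_templates (a hypothetical helper name) is a small static check that flags only the former.

```python
import ast

# Constructed sample: a hypothetical Flask app showing the assumed root cause
# (the writeup does not include the challenge's server code).
SAMPLE_APP = '''
from flask import Flask, request, render_template_string
app = Flask(__name__)
app.config["SECRET_KEY"] = "placeholder-secret"

@app.route("/vulnerable")
def vulnerable():
    name = request.args.get("name", "")
    # Input becomes template source, so {{7*7}} and {{config}} get evaluated.
    return render_template_string("<h1>Hello " + name + "</h1>")

@app.route("/fixed")
def fixed():
    name = request.args.get("name", "")
    # Constant template; input is passed as data and autoescaped.
    return render_template_string("<h1>Hello {{ name }}</h1>", name=name)
'''

def find_dynamic_templates(source):
    """Return (line, function) for every render_template_string call whose
    template argument is anything other than a plain string literal."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for node in ast.walk(fn):
            if not isinstance(node, ast.Call):
                continue
            # Matches both render_template_string(...) and flask.render_template_string(...)
            called = getattr(node.func, "id", None) or getattr(node.func, "attr", None)
            if called != "render_template_string":
                continue
            # Flask's signature is render_template_string(source, **context).
            template = node.args[0] if node.args else next(
                (kw.value for kw in node.keywords if kw.arg == "source"), None)
            literal = isinstance(template, ast.Constant) and isinstance(template.value, str)
            if template is not None and not literal:
                findings.append((node.lineno, fn.name))
    return findings

if __name__ == "__main__":
    for line, fn in find_dynamic_templates(SAMPLE_APP):
        print(f"line {line}: {fn}() builds its template from non-constant data")
```

Keeping real secrets out of app.config values that a template can reach limits the impact if a dynamic template slips through.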
