Outline 2 ( Web exploitation )

Challenge: Outline 2

Same webpage as Outline 1. Made an account, signed in. Typed {{users}} to see possible users I could intercept.

This was the output from using payload {{users}}

I found some website that could decrypt password hashes for me and got the password b1g5h0t$

I logged into the admin's account and accessed the web directory /flag.

LNC2022{n0t_4s_s1mpl3_fl4sk_s3rv3r_s1d3_t3mpl4t3_1nj3c10n}