Sorry for not being related to your question, but could I ask for your opinion on Question1's code? As far as I see, the "whoami" function of the application could potentially be vulnerable to code injection through the user's "uid", but what is actually assigned to the user through the token we pass in is "sid" (auth-controller.js - line 99). So, "whoami" seems like a rabbit-hole, doesn't it?
Challenge: There are at least 2 different ways to obtain remote code execution on the target. So, once you are able to exploit one vulnerability, try to identify the other and exploit it as well.
I managed to exploit /ping but cannot find any other vulnerabilities. What did I miss?
But my app is not crashing, when I run it locally it works as expected. On the platform I still have the message: "Result: Injection Failed. code injection should not be possible, even without sanitization or validation"
This SA2 is very poorly implemented.
Mine works completely fine locally. All args validations are there, no crashes, no injection possible etc.
Kept getting either "patch test failed" or "injection failed" regardless. There are no hints, no explanation, no nothing. Yes I've toggled the hint button but there's literally no output still. I've no idea what I've done wrong and what it wants from me. Extremely frustrated and confused.
OK after a couple days was finally able to solve this SA2 and got the last flag. I'm still of the opinion that this challenge is poorly implemented and terribly communicated.
My final version of the script goes against pretty much every idea of programming best practices, in particular of what goes inside or outside try-catch blocks, when and where your validations are done etc.
In short, to pass this challenge you probably need to disregard your years of programming instinct, habits, and best practices.
Ok I finally managed... If you struggle to have the flag but you think you checked everything, move your sanitization and verification checks somewhere else in your code.
Hi all, I am stuck on SA2. I sanitized everything I could think about, even thinking to use the generatepassword function externally, but I still get "Patch test failed. Please try again.". Would any of you be available to check my code and give me a nudge? Thanks a lot