Official discussion thread for Breathtaking View. Please do not post any spoilers or big hints.
If anyone wants to share solutions, DM me.
I think I found a way, but I couldn’t exploit it yet. Any help or hint would be appreciated
URL encode the payload
Just started with the challenge and I don’t have a clue how to approach it.
Seems like the language parameter might be vulnerable but am not sure how to further test.
Any specific tips?
which payload? I have tried many java payloads attempting to achieve template injection.
SOLVED.
It is all about finding the correct payload to be used.
could you help me? I’m stuck! I have tried thousands of loads and nothing works
You can DM me for the used payload.
Got RCE with the string check commented out. But unable to bypass it with it in. URL encoding, double URL encoding, unicode chars, hex chars, unicode alt chars, various concat combos, none working for me. Can I get a nudge please? Thanks.
Done.
1 Like
I got the same problem as @SoftShell, but with some fancy funcy java it bypassed the string check
I suffered with this challange cause lack of deep java knowledge.
But it was worth it 
Total time around 4-5 hours