Server-Side Attacks Example 1

Hello everyone. Have problems with Question in “SSTI Exploitation Example 1” Server-Side attacks module

Use what you learned in this section to obtain the flag which is hidden in the environment variables. Answer format: HTB{String}

I spent a many hours but can’t find a flag. I think I did everything

I am stuck as well. I was able to gain RCE from tplmap.py but still no clues.

Thanks @onthesauce . I didn’t understand the task at first

@Mentally6, hint: there is a command in Linux where you can see everything about your environment

2 Likes

Hey, huge thanks man. It was pretty confusing to me as well cuz there is file named environment in an adjacent directories lol.