This challenge is just a basic OS command injection.
Click on the equals sign (=
) and the application creates a POST request, change the parameter value to
expression=;ls
and we found the flag.
![](https://niekdang.wordpress.com/wp-content/uploads/2020/10/image-35.png?w=400)
Flag: ctf{watch_0ut_f0r_th3_m0ng00s3}
This challenge is just a basic OS command injection.
Click on the equals sign (=
) and the application creates a POST request, change the parameter value to
expression=;ls
and we found the flag.
Flag: ctf{watch_0ut_f0r_th3_m0ng00s3}