logo

Dojo challenge #33 winners!

ID: 69b74586-3181-503d-acfb-2b6aebcd5289

STIX ID: report--69b74586-3181-503d-acfb-2b6aebcd5289

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
50/100

Date Published: 2024-06-25

Date Updated: 2026-07-04

...
...

This report is a detailed write-up of a path traversal / local file inclusion vulnerability in a Python web app used as a Dojo challenge: it analyzes source code, identifies input validation weaknesses, shows how filters are bypassed via a file:// wrapper with an octal localhost (0177.1) and percent-encoding to read arbitrary files (POC: file://0177.1/tmp/secrets/f%6c%61%67.txt), reveals the challenge flag, and gives remediation guidance (file permissions, whitelists, stronger input validation).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.