DOJO CHALLENGE #10 Winners!
ID: 98609a0b-6251-5087-b5b3-bce9f97ee8b5
STIX ID: report--98609a0b-6251-5087-b5b3-bce9f97ee8b5
Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed
Threat Score
This write-up documents a proof-of-concept exploit against a JavaScript "palindrome" challenge where input s is mirrored (s + reverse(s)) and evaluated with eval. By supplying the payload `KEY|`, the mirrored expression `KEY||YEK` exploits short-circuit evaluation to return the secret KEY and disclose the flag; the report includes code, PoC, and mitigation suggestions such as removing eval or tightening input filtering.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
