logo

Dojo challenge #31 winners!

ID: 9d874b19-aaca-5b42-87d8-ecccc7bef381

STIX ID: report--9d874b19-aaca-5b42-87d8-ecccc7bef381

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
65/100

Date Published: 2024-04-16

Date Updated: 2026-07-04

...
...

This write-up analyzes a Server‑Side Template Injection (SSTI) in Dojo Challenge #31 where a double render and inadequate input filtering allowed an attacker to bypass restrictions using Unicode escapes (e.g. \N{DOLLAR SIGN}) to produce a $ character, inject Jinja-style ${...} expressions, enumerate globals/builtins, import the os module, and execute popen('env') to retrieve environment variables and the flag; the report includes a full PoC payload, risk assessment (confidentiality/integrity/availability), and remediation recommendations (remove the second render or strengthen regex filtering).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.