logo

Dojo challenge #30 winners!

ID: e82345ff-34c0-5d7f-a780-e1224b3bfc98

STIX ID: report--e82345ff-34c0-5d7f-a780-e1224b3bfc98

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
60/100

Date Published: 2024-03-12

Date Updated: 2026-07-04

...
...

**Executive Summary:** The report analyzes an OS command injection vulnerability in the Terminal Isolation challenge's Terminal.run() functionality that allows unauthenticated remote code execution via crafted input (e.g., `echo $(cat<>/tmp/flag.txt)`), demonstrates a working PoC that discloses `/tmp/flag.txt`, assesses confidentiality/integrity/availability impacts, and recommends fixes including stricter input sanitization and use of escapeshellcmd/escapeshellarg.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.