$ cat writeup.md…
$ cat writeup.md…
hackerlab
Task: Flask minefield game with balloon parameter. Solution: SSTI in render_template_string() allows RCE via reverse shell to retrieve flag.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar