webPromedium
MetricForge
hackadvisor
Task: Business analytics platform with custom formula evaluation using Node.js vm module sandbox. Solution: Escape the vm sandbox via prototype chain traversal (this.constructor.constructor) to access the main process context, require fs, and read /root/flag.txt.
$ ls tags/ techniques/
arbitrary_file_readprototype_chain_traversalvm_sandbox_escapeconstructor_chain_traversal
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Sign in with GitHub to continue. No email required.
$sign in$ grep --similar
Similar writeups
- [web][Pro]Lab 60 — CalcForge — RCE via Expression Evaluator Sandbox Escape— hackadvisor
- [web][Pro]Lab 116 — InsightForge — IDOR via Undocumented Internal API— hackadvisor
- [web][Pro]SendForge— hackadvisor
- [web][Pro]Lab 58 — ReportForge — SSRF via PDF Export Logo URL— hackadvisor
- [web][Pro]MetricFlow — DOM XSS via Prototype Pollution Gadget— hackadvisor