$ cat writeup.md…
$ cat writeup.md…
hackadvisor
Task: DocForge collaborative wiki platform (Java/FreeMarker) with template preview endpoint that renders user-supplied FreeMarker code server-side; ?new() built-in is blocked. Solution: Bypass sandbox via ?api built-in to access Java reflection API through article model variable, chain Class.forName → Runtime.getRuntime().exec() to achieve RCE and read /root/flag.txt.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar