ScholarPress

hackadvisor

Task: Flask-based academic platform with LaTeX PDF export via pdflatex, no input sanitization. Solution: LaTeX injection using \\input{/proc/self/environ} to read flag from environment variable.

flask file_read decoy_flag environment_variable alpine_linux pdf_export proc_environ latex_injection pdflatex

honeypot_flag_detectionlatex_input_file_readproc_self_environ_extractionserver_side_latex_compilation_abuse

$ ls tags/ techniques/

flask file_read decoy_flag environment_variable alpine_linux pdf_export proc_environ latex_injection pdflatex

honeypot_flag_detectionlatex_input_file_readproc_self_environ_extractionserver_side_latex_compilation_abuse

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 345 — PrintForge — RCE via Ghostscript Command Injection— hackadvisor
[web][Pro]Lab 17 — DocuSign Pro — Path Traversal in Document Export— hackadvisor
[web][Pro]BillForge— hackadvisor
[web][Pro]DocuNest— hackadvisor
[web][Pro]Lab 13 — WebForge — Insecure Deserialization in Config Import— hackadvisor