Triggers a system command (e.g., cat /flag.txt ) to read the secret flag.
In this challenge, participants are presented with a compressed archive ( .7z ) containing the source code for a fictional online storefront called "Moan Shop." The objective is to identify and exploit vulnerabilities within the application to retrieve a hidden "flag"—a specific string of text that proves the system was successfully breached. moanshop.7z
The file is associated with a widely known and high-stakes Capture The Flag (CTF) challenge, typically categorized under Web Exploitation or Reverse Engineering . Triggers a system command (e
In many versions of the "Moan Shop" challenge, the vulnerability is . Triggers a system command (e.g.
The application uses a vulnerable library (like lodash or merge-deep ) to combine user input into a configuration object.