[Nullcon HackIM CTF Goa 2025][Web] Temptation

Introduction

Context Explanation

The “Temptation” challenge is a web application security exercise focusing on template injection vulnerabilities in Python web applications.

Directive

The goal is to retrieve a flag by exploiting vulnerabilities in the web application.

Solution

Analyzing source code

First, we need to retrieve the application’s source code. The webpage contains a hidden comment suggesting that we look at /?source.

    <html>
    <head>
        <title>Temptation</title>
    </head>
    <body>
        <h1>Temptation challenge</h1>
        <form action="/" method="POST">
            <table>
                <tr>
                    <th>
                        <label for="temptation">What is your temptation?...

February 3, 2025 · 3 min · HitCat