DOM Monitor (Part 2)

web javascript bot FCSC 2025 solved on

star star star

Description

Your vulnerability report was impressive, but for it to be validated, you need to prove you can execute the /get_flag binary. Could you demonstrate the real impact of this security flaw? We’re eagerly awaiting your proof of execution! :)

Webapp: http://localhost:8000/

Bot: nc localhost 4000

Files

Author

Mizu

Challenge Instructions

  1. First, download docker-compose.yml:
    curl https://hackropole.fr/challenges/fcsc2025-web-dom-monitor/docker-compose.public.yml -o docker-compose.yml
  2. Launch the challenge by executing in the same folder:
    docker compose up
  3. Access the challenge at http://localhost:8000/.
  4. Then, in another console, access the challenge with Netcat:
    nc localhost 4000
⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.

Flag

Share my success on Fediverse, Twitter, Linkedin, Facebook, or via email.

Submit your solution

You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.

You need to be logged in to submit a writeup.

Writeups

There are no public solutions for this challenge yet, but you can submit yours after getting the flag.