“Now presenting cowsay as a service”
Category: Web Exploitation
Link. Link to included file: index.js
After downloading the
index.js file, this snippet of code stood out
It seems like the webapp is executing cowsay straight from the commandline, from the path
/usr/games/cowsay. My first thought is to try to pipe the result into another command. Normal usage of the site would result in something similar to the following image:
But what if we try to pipe the result into something else?