Solution for YesWeHack’s #8 DOJO Challenge

For the latest addition to YesWeHack’s Dojo series, the challenge is to fetch the secret that EvilCorp2.0 stores on the /secret endpoint. To obtain it, we need to find a way through the security mechanisms that EvilCorp2.0 has put in place for their small app. The app is built with Deno and lets us specify a URL as a string, which the server will fetch for us if it passes the security mechanisms.

Time to exploit

We now have a basic understanding of the app, so let’s exploit it! Let’s start by providing the string which we know will pass the security mechanisms because of check 1 in waf

Try, fail, try again

Let’s create a test environment to test for inconsistencies in the Deno URL object. To do so, we can simply use the Dojo Playground!
