I think it's quite simple. I just make a request and capture it with Burp; I see the expression in the body of the request and I send a command like ;whoami. It does not return anything, so I also tried other Linux commands; the ;ls command reveals the flag. It's an easy challenge.
That gave me a hard time breathing. Like 90% of cybers would go for XSS and SQL injections even in the expression field; most of us tried to exploit the "id" SQLi method.
That was... so much easier than I was making it. Deleting readonly or hitting up the console with a document.getElementById('d').removeAttribute('readonly'); cantrip helps. From there, just try injecty stuff.
This challenge is unreasonable. Someone please try implementing the backend of this challenge in PHP. Then he will realize that the challenge is far-fetched.