Secure escapes

Hard | Secure Coding

Overview

Scenario
A web application provides a feature that allows users to fetch external content from a given URL while optionally supplying custom HTTP headers. The backend processes this request by constructing and executing a curl command on the server.

Although the code applies input sanitization functions, it still builds shell commands dynamically from user-supplied data, which can introduce security risks if the sanitization is not applied correctly.

Assessing the security of the implementation requires careful analysis of how user input is processed and passed into system commands.
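
For comparison with the pattern described above, the following added example (not the challenge's source code) shows one way to run curl with a user-supplied URL and headers without building a shell command string. The function names build_curl_argv and fetch, the 10-second timeout and the validation policy are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: names, limits and validation policy are assumptions,
// not taken from the challenge's src/ directory.
function build_curl_argv(string $url, array $headers): array
{
    // Accept only absolute http(s) URLs with no whitespace or control bytes.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || preg_match('/[\x00-\x20\x7f]/', $url)) {
        throw new InvalidArgumentException('URL must be an absolute http(s) URL');
    }

    // --globoff stops curl from expanding {} and [] in the URL;
    // --proto restricts the protocols curl itself will speak.
    $argv = ['curl', '--silent', '--globoff', '--max-time', '10',
             '--proto', '=http,https'];

    foreach ($headers as $name => $value) {
        // Name must be an RFC 7230 token; value must not contain CR, LF or NUL.
        if (!is_string($name) || !preg_match('/^[A-Za-z0-9!#$%&\'*+.^_`|~-]+$/', $name)
            || !is_string($value) || preg_match('/[\r\n\x00]/', $value)) {
            throw new InvalidArgumentException('invalid header');
        }
        $argv[] = '--header';
        $argv[] = $name . ': ' . $value;   // one argv element, never re-parsed
    }

    $argv[] = '--';   // end of options: the URL can never be read as a flag
    $argv[] = $url;
    return $argv;
}

function fetch(string $url, array $headers = []): string
{
    // Array form of proc_open() (PHP 7.4+) executes curl directly, no /bin/sh.
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(build_curl_argv($url, $headers), $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start curl');
    }
    $body = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $body === false ? '' : $body;
}

// Constructed input; prints the argument vector without touching the network.
print_r(build_curl_argv('https://example.com/a?b=1', ['X-Trace' => 'abc 123']));
```

Because each value travels as its own argv element, shell quoting is never involved; the remaining checks exist to stop a value from being interpreted by curl itself.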

Objective
Analyze the provided PHP source code, identify potential weaknesses in input handling and command construction, and determine whether the application can be influenced in an unsafe way to retrieve the flag.

Infrastructure: PHP Web Application
Provided Files: src/ directory (accessible via /challenge/)
Flag Format: Flag{}

Job Positions

Application Security Engineer

Tags

Input Validation, Code Review, OWASP Top 10, Input Filtering, Injection Prevention, Command Injection Prevention