Mirage Track

Level 21 → Level 22

Template Injection
900 pts+125 first-blood bonus

Objective

Sendly. Your input is rendered as a template, server-side. Escape the data, reach the engine (SSTI → RCE).

How to play

Open the target in your browser, find the flaw, and exploit it. On success the page reveals the login for the next level — that password is this level's flag. Submit it on the track page (or /submit) to bank the points.

Target

Log in as l21 with the password you captured on the previous level, then:
https://mirage-l21.breachlab.org
Open target ↗
🩸
First Blood captured by
ACTIVE RECORD