Neonify HTB Walkthrough

This post documents my process for solving the Neonify box on Hack The Box. This challenge revolves around a Ruby application vulnerable to Server-Side Template Injection (SSTI) via a regex newline bypass.

Challenge Description

It’s time for a shiny new reveal for the first-ever text neonifier. Come test out our brand new website and make any text glow like a lo-fi neon tube!

Solution

After looking at the source code, I noticed it was a Ruby application and suspected some kind of command injection. I didn’t immediately see the path, so I referred to a writeup and discovered that the challenge is about “ERB SSTI via newline regex bypass.” There’s very little public writeup info on this exact method, which made it a great learning opportunity. ...

April 22, 2025 · Joon Kim