# 2️⃣ Web 300: BlinkerFluids

The challenge contains of web app and a source code. The page contains of markdown editor and after submission it convert the text to pdf. Reviewing the source code and its node.js, basically checking the packages.json for possible vulnerable packages, that's where I notice the md-to-pdf package.

Then I tried to searched for possible exploit and found RCE on snyk.io :

Which leads me to check to the github issues where I found an interesting comment.

I created an RCE code and supplied it to the markdown editor and I click submit.

Then, I created another markdown to check if the rce2.txt is created, and it listed all the files which the rce2.txt has been created.

I created a final markdown content to read the rce2.txt, then i got the flag.

Conclusion: ***Package vulnerabilities help me get the flag that highlighted the importance of source code review.*** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ctf.laet4x.com/ctf-2022/htb-cyber-apocalypse-2022-intergalactic-chase/2-web-300-blinkerfluids.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.