YAML Injection


Content Injection.

This module builds on what you’ve learned in the CSV module. Now, it's time to explore YAML injection—where innocent-looking configurations can become powerful attack vectors.

In the YAML module, each challenge walks you through how untrusted YAML input, especially with features like anchors, aliases, and complex tags, can slip past naive parsing and distort logic—or even trigger arbitrary code execution.

You’ll learn how seemingly harmless YAML files can be manipulated to redirect control flow, inject unexpected values, or break security boundaries.



Challenges

In this challenge, the goal is to manipulate the YAML file used to store the logins of users to get the program to think you are the teacher. You will need to inject a string that seamlessly integrates with the structure of YAML in order to do so.

HINT: Try testing what different logins do to the YAML file to understand the structure.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

This time, the principle is the same as the last challenge---to inject into the YAML file---but now it will be a bit more of a challenge to insert the payload. The server will now use a standard text input as opposed the the textarea of the previous challenge.

HINT: Research percent encoding.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

This is the hardest variation of the YAML challenges, as percent encoding will not work and neither will entering directly into the text box. This time try to find the right solution yourself (there may be a few).

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

30-Day Scoreboard:

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

7-Day | 30-Day | All-Time

Rank Hacker Badges Score