This lab uses the Freemarker template engine. It is vulnerable to server-side template injection due to its poorly implemented sandbox. To solve the lab, break out of the sandbox to read the file my_password.txt from Carlos's home directory. Then submit the contents of the file.
You can log in to your own account using the following credentials:
Log in and edit one of the product description templates. Notice that you have access to the product object.
Load the JavaDoc for the Object class to find methods that should be available on all objects. Confirm that you can execute ${object.getClass()} using the product object.
Explore the documentation to find a sequence of method invocations that grants access to a class with a static method that lets you read a file, such as: