here is a figlet as a service , it's only running the "figlet" command , try to hack it!
In this challenge we can enter some text and it will display the text in figlet format.
From the discription we can see the backend of the web-app is running the figlet
command, So we can try command injection payloads.
we can see some character are blocked/filetered ,but it can be easily bypassed using $()
trick
$(ls)
to get the list of files
$(cat flag.txt)
to get the flag