DeployWare
DeployWare queues repo imports for background processing. The URL you submit isn't used immediately — something else picks it up later.
The Scenario
DeployWare is a GitOps platform that lets teams connect repositories and automate deployments. The Repo Import feature lets users submit a git URL for DeployWare to clone and analyse. The URL is written to a job queue and processed by a background worker that runs every 30 seconds. Nothing executes at submission time, and the import form gives no feedback beyond "job queued." The worker that processes the queue uses a command construction that hasn't been reviewed in months.
Challenge Intel
Synopsis
A GitOps platform that stores repo URLs in a job queue and processes them with a vulnerable background worker — nothing executes at submission time, and the only way out is out-of-band.
What It Is
DeployWare's Repo Import feature writes a user-supplied git URL to a SQLite job queue. A background thread wakes up every 30 seconds and processes pending jobs using a shell git clone command. Execution is deferred, so no output is ever returned to the user, and the web root is not writable, so you must exfiltrate the flag via an out-of-band HTTP callback to an interact server.
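How a worker like the one described above could process the queue without a shell, as an added example that is not DeployWare's code: the queued URL is validated again at the point of use and handed to git as a single argument. The table layout, the HTTPS-only policy, the destination path and all function names are assumptions.

```python
import re
import sqlite3
import subprocess
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # assumption: imports are HTTPS-only
# Allow-list of URL characters: no whitespace, quotes or shell metacharacters.
SAFE_URL = re.compile(r"[A-Za-z0-9._~:/@%+-]+")

def validate_repo_url(url):
    """Re-check a queued URL at the point of use, not only at submission."""
    if not SAFE_URL.fullmatch(url):
        return False
    parts = urlsplit(url)
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)

def build_clone_argv(url, dest):
    # A list is executed without a shell; "--" ends git's option parsing,
    # so the URL is only ever treated as a positional argument.
    return ["git", "clone", "--", url, dest]

def process_pending(db, run=subprocess.run):
    """One worker pass over the queue; returns the final status per job id."""
    rows = db.execute("SELECT id, url FROM jobs WHERE status = 'pending'").fetchall()
    result = {}
    for job_id, url in rows:
        if validate_repo_url(url):
            argv = build_clone_argv(url, f"/srv/imports/{job_id}")  # hypothetical path
            done = run(argv, check=False, timeout=120)
            result[job_id] = "done" if done.returncode == 0 else "failed"
        else:
            result[job_id] = "rejected"  # stored value never reaches git
        db.execute("UPDATE jobs SET status = ? WHERE id = ?", (result[job_id], job_id))
    db.commit()
    return result

def demo():
    # Constructed sample queue; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jobs (id INTEGER PRIMARY KEY, url TEXT, status TEXT)")
    db.executemany("INSERT INTO jobs (url, status) VALUES (?, 'pending')", [
        ("https://git.example.com/team/app.git",),
        ("https://git.example.com/a.git; echo constructed",),
        ("-x",)])
    ran = []  # stand-in runner records argv instead of touching the network
    def fake_run(argv, **kwargs):
        ran.append(argv)
        return subprocess.CompletedProcess(argv, 0)
    return process_pending(db, run=fake_run), ran
```

Validation at submission time alone is not enough for a queued job, because the worker trusts whatever the table holds when it wakes up.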
Who It's For
Testers who have practised blind injection and are ready for a second-order variant that requires real out-of-band exfiltration. You should be comfortable with interact servers (Interactsh, Burp Collaborator) before attempting this.
Skills You'll Practice
- Second-order / stored injection concepts
- Out-of-band (OOB) exfiltration via HTTP callback
- Understanding deferred execution and job queue architecture
- Using an interact server to capture blind execution results
- Timing awareness for asynchronous job processing
What You'll Gain
- A solid mental model for second-order command injection
- Hands-on experience with out-of-band exfiltration using curl
- Practice reasoning about deferred code paths in application architecture
- Confidence approaching blind injection without any in-band feedback