App - Script

So I finally got the answer to this challenge by opening the .passwd file and using readline(). But my question is why didn’t this vulnerability work by simply writing the variable passwd? Because I was able to write strings that I input, but not the variable passwd in the python script. I thought the vulnerability also evaluated variables?

Could you be more specific on how you solved it using readline()? I think passing .passwd as a variable will lead to permission problems, and probably that’s the problem. However I can’t say for sure, because I don’t know how you solved the challenge.