Hey folks, here is a simple web challenge for you…
The name of the challenge is Templated.
Let’s start by opening the web interface.
Flask/Jinja2
We can see that the site uses Python, let’s look a bit more…
The web uses Werkzeug/1.0.1 Python/3.9.0.
Vulnerable to SSTI
While doing basic tests we found that the site is vulnerable to SSTI!! 😋
SSTI = Server-Side Template Injection
I quickly searched Google and came across Gus Ralph’s write-up on Server Side Template Injection with Jinja2.
Let’s Exploit!!
The exploitation part is very basic.
Payload = {{request.application.__globals__.__builtins__.__import__('os').popen('id').read()}}
Let’s try listing files.
We found the flag.txt!! Read the file to get the flag.
Yeahhyy!! 💥 We got the flag!!!
That was a simple SSTI challenge!! Try it yourself ❤
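From the defender's side, a payload like the one above leaves a recognisable trace in request logs. The following is an added example, not part of the original write-up: it flags request targets that decode to a Jinja2 expression and raises the severity when the expression contains dunder attribute names such as `__globals__`. The log lines, their layout and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a common-log-format entry (layout is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')
# Jinja2 expression {{ ... }} and statement {% ... %} delimiters.
DELIMS = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)
# Dunder names used to walk from a template object into Python internals.
DUNDER = re.compile(r"__\w+__")

# Constructed sample log lines, not taken from the challenge server.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2021:10:00:00 +0000] "GET /index HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2021:10:00:05 +0000] "GET /%7B%7B7*7%7D%7D HTTP/1.1" 404 79',
    '10.0.0.9 - - [01/Jan/2021:10:00:09 +0000] "GET /%7B%7Brequest.application.'
    '__globals__.__builtins__.__import__(%27os%27).popen(%27id%27).read()%7D%7D'
    ' HTTP/1.1" 404 120',
    '10.0.0.9 - - [01/Jan/2021:10:00:12 +0000] "GET /%257B%257Brequest.application.'
    '__globals__%257D%257D HTTP/1.1" 404 95',
]

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding; bounded so a crafted value cannot loop."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a finding dict for a log line, or None if nothing matches."""
    match = REQUEST.search(line)
    if not match:
        return None
    exprs = DELIMS.findall(decode_fully(match.group(1)))
    if not exprs:
        return None
    dunders = sorted({d for e in exprs for d in DUNDER.findall(e)})
    return {"severity": "high" if dunders else "low",
            "expression": exprs[0], "dunders": dunders}

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    return [(n, hit) for n, line in enumerate(lines, 1) if (hit := classify(line))]

if __name__ == "__main__":
    for n, hit in scan(SAMPLE_LOG):
        print(n, hit["severity"], hit["dunders"], hit["expression"])
```

A "low" finding means template delimiters reached the server in the URL; "high" means the expression also references Python internals and deserves immediate review of how that route builds its template.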