Freemarker

Playing with built-in variables

by YesWeHack
drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

Try to find the used version of Freemarker.

Goal: Leak Freemarker version

Hints

Hint #1
expand_more

Freemarker provides special variables with information about the current system. Try to find the variable that corresponds to the version.

Hint #2
expand_more

Here is the documentation that references all of Freemarker's special variables: https://freemarker.apache.org/docs/ref_specvar.html

Solution

Read the solution
expand_more

The solution was to find the special variable .version, and call it like this: ${.version}. This gave: "Hello 2.3.28!"

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result