mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Update README.md
Add reference to debug tag for Jinja2
This commit is contained in:
parent
cc95f4e386
commit
502a8121b4
@ -35,6 +35,7 @@
|
||||
* [Jinja2](#jinja2)
|
||||
* [Basic injection](#basic-injection)
|
||||
* [Template format](#template-format)
|
||||
* [Debug Statement](#debug-statement)
|
||||
* [Dump all used classes](#dump-all-used-classes)
|
||||
* [Dump all config variables](#dump-all-config-variables)
|
||||
* [Read remote file](#read-remote-file)
|
||||
@ -338,6 +339,16 @@ The above injections have been tested on Flask application.
|
||||
|
||||
```
|
||||
|
||||
### Debug Statement¶
|
||||
|
||||
If the Debug Extension is enabled, a `{% debug %}` tag will be available to dump the current context as well as the available filters and tests. This is useful to see what’s available to use in the template without setting up a debugger.
|
||||
|
||||
```python
|
||||
<pre>{% debug %}</pre>
|
||||
```
|
||||
|
||||
Source: https://jinja.palletsprojects.com/en/2.11.x/templates/#debug-statement
|
||||
|
||||
### Dump all used classes
|
||||
|
||||
```python
|
||||
@ -510,4 +521,4 @@ Fixed by https://github.com/HubSpot/jinjava/pull/230
|
||||
* [Server-Side Template Injection (SSTI) in ASP.NET Razor - Clément Notin - 15 APR 2020](https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI)-in-ASP.NET-Razor/)
|
||||
* [Expression Language injection - PortSwigger](https://portswigger.net/kb/issues/00100f20_expression-language-injection)
|
||||
* [Bean Stalking: Growing Java beans into RCE - July 7, 2020 - Github Security Lab](https://securitylab.github.com/research/bean-validation-RCE)
|
||||
* [Remote Code Execution with EL Injection Vulnerabilities - Asif Durani - 29/01/2019](https://www.exploit-db.com/docs/english/46303-remote-code-execution-with-el-injection-vulnerabilities.pdf)
|
||||
* [Remote Code Execution with EL Injection Vulnerabilities - Asif Durani - 29/01/2019](https://www.exploit-db.com/docs/english/46303-remote-code-execution-with-el-injection-vulnerabilities.pdf)
|
||||
|
Loading…
Reference in New Issue
Block a user