mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
Add detection
This commit is contained in:
parent
871b3bcaf2
commit
7850928d41
@ -342,6 +342,15 @@ ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().ex
|
||||
|
||||
Django template language supports 2 rendering engines by default: Django Templates (DT) and Jinja2. Django Templates is much simpler engine. It does not allow calling of passed object functions and impact of SSTI in DT is often less severe than in Jinja2.
|
||||
|
||||
### Detection
|
||||
|
||||
|
||||
```python
|
||||
{% csrf_token %} # Causes error with Jinja2
|
||||
{{ 7*7 }} # Error with Django Templates
|
||||
ih0vr{{364|add:733}}d121r # Burp Payload -> ih0vr1097d121r
|
||||
```
|
||||
|
||||
### Django Templates for post-exploitation
|
||||
|
||||
```python
|
||||
|
Loading…
Reference in New Issue
Block a user