diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md index 2f88b82..feb6860 100644 --- a/Server Side Template Injection/README.md +++ b/Server Side Template Injection/README.md @@ -35,6 +35,7 @@ * [Jinja2](#jinja2) * [Basic injection](#basic-injection) * [Template format](#template-format) + * [Debug Statement](#debug-statement) * [Dump all used classes](#dump-all-used-classes) * [Dump all config variables](#dump-all-config-variables) * [Read remote file](#read-remote-file) @@ -338,6 +339,16 @@ The above injections have been tested on Flask application. ``` +### Debug Statement¶ + +If the Debug Extension is enabled, a `{% debug %}` tag will be available to dump the current context as well as the available filters and tests. This is useful to see what’s available to use in the template without setting up a debugger. + +```python +
{% debug %}+``` + +Source: https://jinja.palletsprojects.com/en/2.11.x/templates/#debug-statement + ### Dump all used classes ```python @@ -510,4 +521,4 @@ Fixed by https://github.com/HubSpot/jinjava/pull/230 * [Server-Side Template Injection (SSTI) in ASP.NET Razor - Clément Notin - 15 APR 2020](https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI)-in-ASP.NET-Razor/) * [Expression Language injection - PortSwigger](https://portswigger.net/kb/issues/00100f20_expression-language-injection) * [Bean Stalking: Growing Java beans into RCE - July 7, 2020 - Github Security Lab](https://securitylab.github.com/research/bean-validation-RCE) -* [Remote Code Execution with EL Injection Vulnerabilities - Asif Durani - 29/01/2019](https://www.exploit-db.com/docs/english/46303-remote-code-execution-with-el-injection-vulnerabilities.pdf) \ No newline at end of file +* [Remote Code Execution with EL Injection Vulnerabilities - Asif Durani - 29/01/2019](https://www.exploit-db.com/docs/english/46303-remote-code-execution-with-el-injection-vulnerabilities.pdf)
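Review bot: the heading added in the second hunk, `### Debug Statement¶`, ends with a pilcrow that looks like copy-paste residue from the documentation page cited as Source. It will render as part of the heading and may change the generated anchor, so the `[Debug Statement](#debug-statement)` TOC entry added in the first hunk might not resolve. Please drop the `¶` so the heading reads `### Debug Statement`. In the same hunk, the paragraph uses a typographic apostrophe in "what’s", which suggests it was pasted verbatim from that page. Either mark it as a quotation or rephrase it in the README's own words with a plain `'`. The paragraph also says the tag is available only "If the Debug Extension is enabled" but does not say how a reader can tell whether that is the case. One sentence on the precondition would make the entry usable without following the link. Finally, the Source URL is pinned to `2.11.x`; consider noting that version in the text so the entry does not read as applying to every Jinja2 release.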