filmov
tv
Python SSTI: Attack Flask framework using Jinja2 template engine
Показать описание
In this episode of "from 0 to pentesting hero" we'll talk about template engines and Server-Side Template Injections attack.
This time we'll use python as an example and flask framework, in which we will use Jinja2.
Long ago, pieces of code responsible for application logic and content displayed to the user were stored in one file.
As you can guess, such mix was not only difficult to control, but also caused a lot of bugs in applications.
Because of that, template engines were created. Thanks to them, the logic of the page is stored in one file and everything that is to be displayed in the second.
Initially, these engines were simple and in most cases worked like good old "find and replace" feature known from word processors.
With time, however, their capabilities have increased drastically. It can be observed on the example of Jinja2 documentation, which is a popular engine used in applications created in Python.
Currently, it can be said that these engines are programming languages themselves. And usually you can perform a lot of potentially dangerous activities such as reading any file or executing any code.
So what will happen when a programmer forgets how powerful tool he has and uses it in a wrong way?
#from0topentestinghero #security #python
This time we'll use python as an example and flask framework, in which we will use Jinja2.
Long ago, pieces of code responsible for application logic and content displayed to the user were stored in one file.
As you can guess, such mix was not only difficult to control, but also caused a lot of bugs in applications.
Because of that, template engines were created. Thanks to them, the logic of the page is stored in one file and everything that is to be displayed in the second.
Initially, these engines were simple and in most cases worked like good old "find and replace" feature known from word processors.
With time, however, their capabilities have increased drastically. It can be observed on the example of Jinja2 documentation, which is a popular engine used in applications created in Python.
Currently, it can be said that these engines are programming languages themselves. And usually you can perform a lot of potentially dangerous activities such as reading any file or executing any code.
So what will happen when a programmer forgets how powerful tool he has and uses it in a wrong way?
#from0topentestinghero #security #python
0:03:20
Python SSTI: Attack Flask framework using Jinja2 template engine
0:03:48
ESCALATING SSTI TO RCE IN FLASK APPLICATION
0:08:06
web hacking: python Jinja2 SSTI vulnerability and code execution
0:00:36
defacing a site using a flask jinja2 SSTI vulnerability in render_template_string
0:03:38
SSTI IN FLASK CTF WALKTHROUGH [24-07-2021]
0:01:54
SSTI in 100 seconds
0:31:24
TryHackMe! - Introduction to Flask & exploiting SSTI.
0:05:15
Exploiting Serverside Template Injection on jinja2 - Flask Python
0:09:54
Server-Side Template Injections Explained
0:12:19
Server-Side Template Injection (SSTI) Flask/Jinja
0:28:28
hacking RCE & SSTI remote code execution and server side template injection vulnerabilities of F...
0:05:38
Djnago Template Server Side Template INjection [SSTI]
0:01:04
Python Flask XSS - Escape Characters - SQL injection - Cross-Site Scripting - OWASP - Web Security
0:30:44
Hacking Web - SSTI (Server-Side Template Injection)
1:35:48
CIS30C Unit 11 Lecture: Flask and Web App Vulnerability Assessment in Python.
0:03:21
SSTI - Atak na Flask przy użyciu silnika szablonów Jinja2
0:30:12
Vulnerability SSTI lead to RCE pada Flask
0:10:19
Ultimate SSTI Beginner Guide: From Identify To Exploit
0:09:52
Python Flask App H.A.C.K.E.D - Basilic CTF Ep1
0:00:16
Server Side template Injection is also possible on Django. Just Google ssti Django
0:00:13
Machine Learning WAF demo example [SSTI]
0:22:45
{{SSTI}} From Developing Side
0:10:21
Server-Side Template Injection w/ Flask | Flaskcards [34] picoCTF 2018
0:19:30
How to secure our flask app from xss attacks using html module
Комментарии