Python Flask Jinja2 SSTI Payload Analysis

preview_player
Показать описание
I'll walk through a common SSTI payload pulled from PayloadsAllTheThings and look at how it works, using the Flask request object to get a function, which gives access to the __globals__. From there it gets the __builtins__ dictionary and the __import__ function.

[00:00] Introduction
[00:55] Data overview
[01:33] Making dummy Flask app
[02:35] Flask request object
[03:38] request in Jinja context
[04:22] attr / getattr / dot
[05:30] Using function to get __globals__
[07:40] Getting __builtins__ from __globals__
[09:31] Using __import__ to get the os module
[10:31] Getting execution
[11:50] Conclusion

#ssti #ctf #python #jinja2
  1. 0xdf
Рекомендации по теме
Python Flask Jinja2 0:12:28

Python Flask Jinja2 SSTI Payload Analysis

web hacking: python 0:08:06

web hacking: python Jinja2 SSTI vulnerability and code execution

Python SSTI: Attack 0:03:20

Python SSTI: Attack Flask framework using Jinja2 template engine

GreHack 2021 - 0:20:58

GreHack 2021 - Optimizing Server Side Template Injections payloads for jinja2 (EN)

ESCALATING SSTI TO 0:03:48

ESCALATING SSTI TO RCE IN FLASK APPLICATION

Server-Side Template Injection 0:12:19

Server-Side Template Injection (SSTI) Flask/Jinja

Exploring Python SSTI 0:22:25

Exploring Python SSTI Payloads - Bolt Beyond Root [HackTheBox]

SSTI in 100 0:01:54

SSTI in 100 seconds

GreHack 2021: Optimizing 0:24:17

GreHack 2021: Optimizing Server Side Template Injection Payloads for jinja2 - Remi Gascou

Find and Exploit 0:08:34

Find and Exploit Server-Side Template Injection (SSTI)

hacking RCE & 0:28:28

hacking RCE & SSTI remote code execution and server side template injection vulnerabilities of F...

Server-Side Template Injections 0:09:54

Server-Side Template Injections Explained

Optimizing Server Side 0:24:17

Optimizing Server Side Template Injection Payloads for jinja2 Remi Gascou

#BugBounty | Server 0:07:39

#BugBounty | Server Side Template Injection [SSTI] to RCE to Reverse Shell | Exploit PoC | #CTF

{{SSTI}} From Developing 0:22:45

{{SSTI}} From Developing Side

SSTI for Bug 0:06:23

SSTI for Bug Bounty | Server-Side Template Injection

Server Side Template 0:05:54

Server Side Template Injection | SSTI | Web Security

Vulnerability SSTI lead 0:30:12

Vulnerability SSTI lead to RCE pada Flask

HackTheBox -Templated Exploit 0:07:55

HackTheBox -Templated Exploit SSTI(Server-Side Template Injection) Vulnerablity

Hacking Web - 0:30:44

Hacking Web - SSTI (Server-Side Template Injection)

Server Side Template 0:11:58

Server Side Template Injection Understanding With Live Demo | Example | Attack | Payloads

Server Side template 0:00:16

Server Side template Injection is also possible on Django. Just Google ssti Django

SSTI IN FLASK 0:03:38

SSTI IN FLASK CTF WALKTHROUGH [24-07-2021]

SSTI Complete Lab 0:14:44

SSTI Complete Lab Breakdown: Server-side template injection with a custom exploit

Комментарии
Автор

this was very helpful
I admire you for being able to explain such intrinsic concepts of the Python language so well.
I hope one day to reach your level.

Mykmy
welcome to shbcf.ru