GreHack 2021 - Optimizing Server Side Template Injections payloads for jinja2 (EN)

preview_player
Показать описание
When attacking Python-based web applications, we often need to find a way to execute commands on the server and escape from the application context. In order to get access to the underlying Python backend of a web application, an attacker can exploit common vulnerabilities such as Server Side Template Injection (SSTI) or Code Injections (CI) but how can we escape from this context?

In this talk, we will deep dive into the template engine jinja2 in order to create the shortest payloads to access the os module from within a template!

#Pentesting #Python #jinja2
  1. Rémi GASCOU (Podalirius)
  2. ssti
  3. payload
  4. injection
Рекомендации по теме
GreHack 2021: Optimizing 0:24:17

GreHack 2021: Optimizing Server Side Template Injection Payloads for jinja2 - Remi Gascou

GreHack 2021 - 0:20:58

GreHack 2021 - Optimizing Server Side Template Injections payloads for jinja2 (EN)

Optimizing Server Side 0:24:17

Optimizing Server Side Template Injection Payloads for jinja2 Remi Gascou

ESCALATING SSTI TO 0:03:48

ESCALATING SSTI TO RCE IN FLASK APPLICATION

GreHack 2021: Rooting 0:37:59

GreHack 2021: Rooting Samsung Q60T Smart TV - Jérémie Boutoille and Vincent Fargues

Find and Exploit 0:08:34

Find and Exploit Server-Side Template Injection (SSTI)

Server Side Template 0:05:23

Server Side Template Injection (SSTI)

SSTI (Server Side 0:11:34

SSTI (Server Side Template Injection)

web hacking: python 0:08:06

web hacking: python Jinja2 SSTI vulnerability and code execution

GreHack 2021: Windows 0:40:30

GreHack 2021: Windows kernel snapshot based fuzzing the good, the bad and the ugly - Damien Aumaitre

Server-Side Template Injection 0:12:19

Server-Side Template Injection (SSTI) Flask/Jinja

SSTI reverse shell 0:11:09

SSTI reverse shell PUG node js

USENIX Security '21 0:11:19

USENIX Security '21 - Dynamic proofs of retrievability with low server storage

{{SSTI}} From Developing 0:22:45

{{SSTI}} From Developing Side

SSTI for Bug 0:06:23

SSTI for Bug Bounty | Server-Side Template Injection

Command Injection Exploitation 0:04:25

Command Injection Exploitation - Reverse Shell Access | Decrypt3r

Exploring Python SSTI 0:22:25

Exploring Python SSTI Payloads - Bolt Beyond Root [HackTheBox]

SSTI: Server Side 0:07:41

SSTI: Server Side Template Injection | Remote Code Execution | Reverse Connection | TPLMAP

#2 Exploits modernos 0:30:42

#2 Exploits modernos de binários -ROP e Ret2Libc

Vulnerability SSTI lead 0:30:12

Vulnerability SSTI lead to RCE pada Flask

RomHack 2019 - 0:38:37

RomHack 2019 - Le Toux - How to impress your management when you are an Active Directory noob?

Fuzzing in Go 0:32:22

Fuzzing in Go by Valentin Deleplace

Template Injection Workshop: 1:08:51

Template Injection Workshop: Twig, Jinja, Freemaker and more

#HITB2021AMS D2T2 - 0:48:31

#HITB2021AMS D2T2 - Binary Fuzzing With Snapshot-Assisted-Driven Comparison Branch Analysis - K. Son

Комментарии
Автор

Eline Sağlık gardaşım çok güzel anlattın thanks.

tonymontana