Simple Web Challenge on HTB | Templated


Hey folks, here is a simple web challenge for you…

The name of the challenge is Templated.

Web Challenge Templated

Let’s start by opening the web interface.


We can see that the site uses Python; let’s look a bit more…

Werkzeug/1.0.1 Python/3.9.0

The web app runs on Werkzeug/1.0.1 with Python/3.9.0.

Vulnerable to SSTI

While doing basic tests we found that the site is vulnerable to SSTI!! 😋

SSTI = Server-Side Template Injection

I quickly searched Google and came across Gus Ralph’s write-up on Server Side Template Injection with Jinja2.

Let’s Exploit!!

The exploitation part is very basic.

Payload = {{request.application.__globals__.__builtins__.__import__('os').popen('id').read()}}

The id command gets executed.
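Why this works, and what the fix looks like, as an added example that is not part of the challenge or this write-up: the vulnerable function builds the Jinja2 template source from user input (an assumption about how the challenge app is written), while the fixed one keeps the template constant and passes the input as context. A harmless constructed probe, {{ 7*7 }}, is enough to tell the two apart.

```python
"""Added example (not the challenge's source): why Jinja2 SSTI happens and how to fix it.

Assumption: the vulnerable app builds the template *source* from user input,
the way many Flask apps do with render_template_string("Hello " + name).
"""
from jinja2 import Environment

# Plain Jinja2 environment; autoescape only protects against HTML injection,
# it does nothing against template injection.
env = Environment(autoescape=True)


def render_vulnerable(user_input: str) -> str:
    # BUG: user input becomes part of the template source, so Jinja2 parses
    # any {{ ... }} the user supplies and evaluates it server-side.
    source = "Hello " + user_input
    return env.from_string(source).render()


def render_safe(user_input: str) -> str:
    # FIX: the template source is a constant; user input is only data passed
    # through the render context, so braces are printed, never evaluated.
    source = "Hello {{ name }}"
    return env.from_string(source).render(name=user_input)


# Constructed harmless probe: a rendered "49" means the input was evaluated.
PROBE = "{{ 7*7 }}"

if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PROBE))  # Hello 49
    print("safe:      ", render_safe(PROBE))        # Hello {{ 7*7 }}
```

The same contrast is the code-review check for this bug class: any call that concatenates or formats request data into the string handed to the template engine is the finding, regardless of which payload was used to prove it.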

Let’s try listing files.

Listing files

We found flag.txt!! Read the file to get the flag.

Got the flag!

Yeahhyy!!💥We got the flag!!!

That was a simple SSTI challenge!! Try it yourself ❤