Simple Web Challenge on HTB | Templated
Jan 22, 2023
Hey folks, here is a simple web challenge for you…
The name of the challenge is Templated.
Let’s start by opening the web interface.
We can see that the site uses python, let’s look bit more…
The web uses Werkzeug/1.0.1 Python/3.9.0.
While doing basic tests we got that the site is vulnerable to SSTI!! 😋
I quickly searched Google and came across Gus Ralph’s write-up on Server Side Template Injection with Jinja2.
Let’s Exploit!!
Exploitation part is very basic.
Payload =
{{request.application.__globals__.__builtins__.__import__('os').popen('id').read()}}
Let’s try listing files.
We found the flag.txt!! Read the file to get the flag.
Yeahhyy!!💥We got the flag!!!
That way a simple SSTI challange!! Try it yourself ❤