noltron000-coursework/jinja2-exploit-me


Jinja2-ExploitMe

[BEW 2.3: Web Security] Clone this repo to begin the SSTI exploit activity.

Attacking Server-Side Rendered Templates

  1. Create a new GitHub repo and name it Jinja2-ExploitMe
  2. Clone the Make-School-Labs/Jinja2-ExploitMe repository
  3. Run git remote rm origin in your local copy
  4. Replace it using your new GitHub URL: git remote add origin https://github.com/YOUR_USERNAME/YOUR_REPO_NAME
  5. Run export FLASK_ENV=development; flask run to get started!

Findings

➗ Basic Math

🔢 Multiplying a String of Numbers

🔡 Multiplying a String of Words

Get hack.txt

  • take a look at Dylan's repo and deconstruct
    • use two parameters
    • access config.items()
    • .__class__ etc
    • dunder methods
    • structure to python
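
The three findings above and the `.__class__` note, seen from the defender's side. This is an added example, not code from this repository: it assumes the lab app builds its template source from user input, and the function names and probe strings are constructed for illustration.

```python
# Added example, not code from this repository. Requires the jinja2 package.
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

plain = Environment(autoescape=True)
sandbox = SandboxedEnvironment(autoescape=True)


def render_vulnerable(user_input: str) -> str:
    """Anti-pattern: user input is concatenated into the template source."""
    return plain.from_string("Hello " + user_input).render()


def render_safe(user_input: str) -> str:
    """Fix: constant template source; user input is only a context value."""
    return plain.from_string("Hello {{ name }}").render(name=user_input)


def render_sandboxed(user_input: str) -> str:
    """Defence in depth when user-authored templates cannot be avoided."""
    try:
        return sandbox.from_string("Hello " + user_input).render()
    except SecurityError:
        return "Hello [blocked]"


# Constructed probes mirroring the findings and the .__class__ note.
PROBES = ["{{ 7*7 }}", "{{ '7'*7 }}", "{{ 'ab'*3 }}", "{{ ''.__class__ }}"]

if __name__ == "__main__":
    for probe in PROBES:
        print(f"{probe!r:24} vulnerable={render_vulnerable(probe)!r}")
        print(f"{'':24} safe={render_safe(probe)!r}")
        print(f"{'':24} sandboxed={render_sandboxed(probe)!r}")
```

The sandbox still evaluates arithmetic and string multiplication; it only refuses unsafe attribute access such as dunder lookups, so keeping user input out of the template source (`render_safe`) is the primary fix.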

💭 Other
