webProeasy

Simple Web (d5c47306-5d4f-4ad4-958f-5414a0b85b9b)

hackerlab

Task: Flask web app with user input reflected in 404 page HTML comments. Solution: Exploited Jinja2 SSTI to achieve RCE, bypassed / filter using cd commands to read the flag.

$ ls tags/ techniques/
flaskrcefilter_bypasssstipythonserver_side_template_injectionjinja2werkzeug
Server-Side Template Injection (SSTI) in Jinja2RCE via lipsum.__globals__["os"].popen()Filter bypass using cd commands instead of absolute paths
🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Sign in with GitHub to continue. No email required.

$sign in

$ grep --similar

Similar writeups