webProeasy
Поздравительное приложение (Greeting App)
hackerlab
Task: Flask greeting app with user input reflected in response, flag is SECRET_KEY. Solution: Jinja2 SSTI via {{config.SECRET_KEY}} to read Flask config.
$ ls tags/ techniques/
Server-Side Template Injection (SSTI) in Jinja2Flask config.SECRET_KEY disclosure
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Sign in with GitHub to continue. No email required.
$sign in$ grep --similar
Similar writeups
- [web][Pro]Lucky Ticket (Счастливый билет)— hackerlab
- [web][Pro]Состояние 0x7F— hackerlab
- [web][Pro]Разминка с JWT (JWT Warmup)— hackerlab
- [web][Pro]Конвертер (Converter)— hackerlab
- [web][Pro]Привилегированный гость (Privileged Guest)— hackerlab