webhard

В поисках капибары — Hackerlab

hackerlab

Task: Flask web app with login form. Solution: SSTI via Jinja2 with WAF bypass using {%print()%} syntax, hex-escaped __globals__, and lipsum gadget to achieve RCE.

$ ls tags/ techniques/
waf_bypassflaskrcesstijinja2
ssti_jinja2hex_escape_bypasslipsum_gadgetattr_filter_chain
🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]