webPromedium
RiceMatch
duckerz
Task: Telegram Mini App (Tinder-style) with Flask/Jinja2 backend, user profile cards rendered server-side. Solution: SSTI via Telegram first_name field - changed name to Jinja2 payload, Telegram signed it in initData, server rendered it without escaping, leaked FLAG from environment variables.
$ ls tags/ techniques/
ssti_jinja2lipsum_globals_rcetelegram_firstname_injectionrender_template_string_abuseenv_variable_leak
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Sign in with GitHub to continue. No email required.
$sign in$ grep --similar
Similar writeups
- [stego][Pro]Фотокарточки (Photo Cards)— duckerz
- [web][Pro]Recruiter— duckerz
- [misc][Pro]Иерархия (Hierarchy)— duckerz
- [web][Pro]Арифметика (Arithmetic)— duckerz
- [misc][Pro]Быки и Коровы (Bulls and Cows)— duckerz