Tag: Side

Python vulnerabilities : Code execution in jinja templates

July 27, 2022

We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.

code contexte execution exploit independant injection jinja jinja2 python server side ssti template vulnerabilities
Python context free payloads in Mako templates

August 26, 2021

We will see how to create context-free payloads for Mako, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.

code contexte execution exploit independant injection jinja jinja2 python server side ssti template vulnerabilities
Python vulnerabilities : Code execution in jinja templates

July 27, 2021

We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.

code contexte execution exploit independant injection jinja jinja2 python server side ssti template vulnerabilities