I made a cool website where you can announce whatever you want! I read about input sanitization, so now I remove any kind of characters that could be a problem :) I heard templating is a cool and modular way to build web apps! Check out my website here!
🎯 Challenge Files & Infrastructure
Provided Files
1
Files:None
🔍 Initial Analysis
First Steps
Initially, the website appears as follows:
Site Presentation
This is version two of the challenge STTI1. Sending the same payload as in the previous challenge, {{config.__class__.__init__.__globals__['os'].popen('ls').read()}}, I get:
Filter
So it looks like a filter has been added… Let’s move on to the exploitation phase.
🔬 Vulnerability Analysis
Potential Vulnerabilities
SSTI (Server Side Template Injection)
🎯 Solution Path
Exploitation Steps
Exploitation
Usually, to bypass filters, characters like _ are encoded in hex, and attr| is used instead of . to build the object chain since some filters might block _ and .. So, I found a payload on HackTricks that already encodes these characters:
I executed cat flag directly, given the previous challenge. By printing the contents of the flag file, I successfully retrieved the flag.
Flag capture
Manual Flag
🛠️ Exploitation Process
Approach
The automatic exploit is identical to the one from the previous challenge. It sends the SSTI payload with a POST request and then extracts the flag from the response using a regex.
