JinjaCare

Solutions

As the challenge title suggests, this challenge is about SSTI (server-side template injection), so let's try {{7*'7'}} in any input form.

But first, we need to register an account.

In Personal Info, we change Full Name and save it.

Now we download the certificate, and see the result.

As we can see, it works. Now use this payload: {{request.application.__globals__.__builtins__.__import__('os').popen('ls /').read()}}
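Why the Full Name probe gets evaluated, and how the rendering should be written instead, as an added example that is not part of the original write-up or the challenge's own code. It assumes the application builds the certificate by concatenating Full Name into Jinja2 template source; `CERT_TEMPLATE`, `render_vulnerable` and `render_safe` are hypothetical names.

```python
from jinja2 import Environment

# Assumption: the certificate text is produced from a Jinja2 template.
# Autoescaping is on so that user data is HTML-escaped when rendered.
env = Environment(autoescape=True)

# Hypothetical fixed template: the only template source is developer-written.
CERT_TEMPLATE = "Certificate issued to: {{ full_name }}"


def render_vulnerable(full_name: str) -> str:
    """Vulnerable pattern: user input becomes part of the template source,
    so Jinja2 parses and evaluates any {{ ... }} expression inside it."""
    source = "Certificate issued to: " + full_name
    return env.from_string(source).render()


def render_safe(full_name: str) -> str:
    """Hardened pattern: the template source is constant and the user input
    is passed as a context variable, so it is only ever treated as data."""
    return env.from_string(CERT_TEMPLATE).render(full_name=full_name)


if __name__ == "__main__":
    probe = "{{7*'7'}}"  # the probe used in the write-up
    # Evaluated: Jinja2 repeats the string '7' seven times.
    print(render_vulnerable(probe))
    # Not evaluated: the braces come back as literal (escaped) text.
    print(render_safe(probe))
    print(render_safe("Alice Example"))  # constructed sample name
```

If the probe comes back as `7777777` in the downloaded certificate, the field is reaching the template parser; with the hardened form it comes back as literal text.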