S7our Shorba Tajin Iftar

SSTI but shuffled

Step 1: Confirming SSTI and Analyzing Error Messages

  • The first stage of this challenge was testing for SSTI by submitting different payloads and reviewing the server output, starting with commonly used SSTI payloads.

(screenshot: shuffled payload)

The server shuffles the submitted input, and its error message shows the shuffled result. Feeding that error-processing output back in as input is what triggered the SSTI.

(screenshot: SSTI confirmed)

Step 2: Listing Files using os.popen('ls')

With SSTI confirmed, the next part was to find a payload that reads values from the server. The step started by listing the files with the os.popen("ls") command: the SSTI payload below was built to list files, submitted, and its output checked.

Payload used to list files:

`{{request.application.__globals__.__builtins__.__import__('os').popen('ls').read()}}`

(screenshot: shuffled payload and output of ls)

Step 3: Displaying the main.py File using os.popen('cat main.py')

With file listing working, the same payload was reused with os.popen('cat main.py') to display the contents of main.py.

(screenshot: output of cat main.py)

Step 4: Displaying the FLAG Env Variable

main.py reads the flag from an environment variable:

`FLAG = os.getenv("FLAG")`

So the final payload calls os.getenv('FLAG') through the same import chain:

`{{request.application.__globals__.__builtins__.__import__('os').getenv('FLAG')}}`

(screenshot: FLAG value)
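As an added, defender-side example that is not part of the original write-up: a small standard-library-only scanner that flags request parameters carrying Jinja2-style SSTI probes like the ones used in this challenge (template delimiters, dunder attribute walks such as `__globals__`/`__builtins__`/`__import__`, and os/builtins names such as `popen` and `getenv`). The log line format and the sample log lines are constructed for this example and are not from the challenge server.

```python
"""Added example (not part of the original write-up): scan access-log lines for
request parameters that look like Jinja2/Flask SSTI probes. Standard library only.
The log format and the SAMPLE_LOG lines below are constructed for the example."""
import re
from urllib.parse import unquote_plus

# Expression/statement delimiters of Jinja2-style template engines.
TEMPLATE_DELIMS = re.compile(r"\{\{|\{%|\}\}|%\}")
# Dunder attribute walks (__class__, __globals__, __builtins__, __import__, ...).
DUNDER_ACCESS = re.compile(r"__[A-Za-z_]+__")
# Names that only make sense in a payload reaching os/builtins from a template.
SENSITIVE_NAMES = re.compile(r"\b(popen|getenv|environ|subprocess|system)\b", re.I)

# Constructed log format: <client ip> "<method> <path?query> HTTP/1.1" <status>
LINE_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+)[^"]*" (\d{3})')

# Constructed sample traffic: two benign requests, one probe, one full payload.
SAMPLE_LOG = [
    '203.0.113.5 "GET /?name=Alice HTTP/1.1" 200',
    '203.0.113.9 "GET /?name=%7B%7B7*7%7D%7D HTTP/1.1" 500',
    '203.0.113.9 "GET /?name=%7B%7Brequest.application.__globals__.__builtins__'
    '.__import__(%27os%27).getenv(%27FLAG%27)%7D%7D HTTP/1.1" 200',
    '198.51.100.2 "GET /?q=hello%20world HTTP/1.1" 200',
]


def score_value(value):
    """Return (score, reasons) for one URL-decoded parameter value.

    A score of 2 or more is treated as an SSTI probe: delimiters alone or a
    dunder walk alone are enough; os/builtins names only raise the score."""
    reasons = []
    score = 0
    if TEMPLATE_DELIMS.search(value):
        score += 2
        reasons.append("template delimiters")
    if DUNDER_ACCESS.search(value):
        score += 2
        reasons.append("dunder attribute access")
    if SENSITIVE_NAMES.search(value):
        score += 1
        reasons.append("os/builtins name")
    return score, reasons


def scan_log(lines):
    """Return a list of hits, one dict per suspicious query parameter."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or "?" not in m.group(2):
            continue
        ip, target, status = m.groups()
        query = target.split("?", 1)[1]
        for pair in query.split("&"):
            key, _, raw = pair.partition("=")
            value = unquote_plus(raw)  # decode %7B%7B -> {{ etc. before matching
            score, reasons = score_value(value)
            if score >= 2:
                hits.append({"ip": ip, "param": key, "value": value,
                             "status": status, "score": score, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} param={hit['param']} score={hit['score']} "
              f"reasons={', '.join(hit['reasons'])}")
```

The decisive point is that decoding happens before matching, since probes normally arrive percent-encoded. On the application side the fix for this class of bug is not input filtering at all but never building the template string from user data: pass the value as template context (`render_template_string("Hello {{ name }}", name=user_input)`) and, where untrusted templates are genuinely required, render them with Jinja2's `SandboxedEnvironment` rather than the default environment.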
