Super Secure Technology Infrastructure
Last updated
Was this helpful?
Last updated
Was this helpful?
Easy
146
9
Super secure technology infrastructure, A fortress built with digital flair, Encrypted and protected, no intrusion allowed, Our data safe from any dare. Poem by ChatGPT
By the challenge title, we can identify that it is a Server Side Template Injection
vulnerability.
First, we will need to identify the templating engine used, and we can refer to this chart below.
First, we will need to identify the <class 'subprocess.Popen'>
offset. We can find it using the payload below to list all the subclasses
Very handy script to find the offset
After finding <class 'subprocess.Popen'>
we can then utilize it to perform RCE.
After playing with the input, we can identify that it is running Jinja2
. We can also refer the the guide to identify the templating engine.
Referring to he guide, we are able to perform remote code execution and get the flag!