Happy Birthday Card Generator
The website simply accepted a name and generated a card.
I tried inputting HTML tags; it didn't work. Then I tried command injection, again with no luck.
But then I saw the backend server was Python-based. You know what the first instinct is after that?
Server Side Template Injection!
I tried the following payload:
{{10*10}}
As we can see, the SSTI PoC worked! Let's try to read /flag.txt. I used the following payload, inspired from here:
{{"foo".__class__.__base__.__subclasses__()[182].__init__.__globals__['sys'].modules['os'].popen("ls /").read()}}
I replaced the ls / command in the payload with cat /flag.txt and got the flag!