Server Side Template Injection 02
Bookmarked!This exercise is one of our challenges on Server-Side Template Injection
In this challenge, you will explore the exploitation of a Server Side Template Injection (SSTI) in an old version of Twig (1.9.0). The goal is to gain code execution on the server by utilizing the functions provided by the template engine. The provided code snippet, {{_self.env.registerUndefinedFilterCallback('exec')}}{{_self.env.getFilter('uname')}}
, can be used to achieve this.
The video walkthrough explains the process in detail, starting with identifying the SSTI vulnerability and recognizing the use of the Twig framework. By accessing the Twig environment and using the registerUndefinedFilterCallback
function, you can register an alias to the exec
function. Then, by calling getFilter
with the desired command, you can execute system commands, such as uname
, to complete the exercise.