Server Side Template Injection 02

Bookmarked!

This exercise is one of our challenges on Server-Side Template Injection

PRO
Tier
Medium
< 1 Hr.
7997

In this challenge, you will explore the exploitation of a Server Side Template Injection (SSTI) in an old version of Twig (1.9.0). The goal is to gain code execution on the server by utilizing the functions provided by the template engine. The provided code snippet, {{_self.env.registerUndefinedFilterCallback('exec')}}{{_self.env.getFilter('uname')}}, can be used to achieve this.

The video walkthrough explains the process in detail, starting with identifying the SSTI vulnerability and recognizing the use of the Twig framework. By accessing the Twig environment and using the registerUndefinedFilterCallback function, you can register an alias to the exec function. Then, by calling getFilter with the desired command, you can execute system commands, such as uname, to complete the exercise.

Want to learn more? Get started with PentesterLab Pro! GOPRO