Server Side Template Injection 01

This exercise is one of our challenges on Server-Side Template Injection.

PRO Tier | Medium | < 1 Hr. | 7805

Course


In this exercise, we delve into a real-world example of a Server-Side Template Injection (SSTI) vulnerability as reported on HackerOne. The lab specifically targets a bug found in the 404 error handling of a Flask web application. By manipulating the error handling code, you can inject malicious payloads that lead to code execution.

The lab begins with a detailed code review of the vulnerable Flask application. It highlights how the use of `{{''.__class__.mro()[1].__subclasses__()}}` can expose various Python classes, including `subprocess.Popen`, which can then be exploited to run arbitrary commands. The lab guides you through identifying the right index for `subprocess.Popen` and crafting the payload to achieve remote code execution. Additionally, the importance of reading Python documentation is emphasized to ensure the correct syntax and options are used.
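On the defensive side, requests carrying this kind of payload leave a recognisable trace in access logs. The following is an added example, not part of the lab or of PentesterLab's code: it scans constructed log lines for template expressions in request paths that returned 404. The log format, IP addresses and function names are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines for illustration (not taken from the lab).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /missing-page HTTP/1.1" 404 232',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /%7B%7Btest%7D%7D HTTP/1.1" 404 240',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /%257B%257Btest%257D%257D HTTP/1.1" 404 240',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /%7B%7B%27%27.__class__.mro()%5B1%5D.__subclasses__()%7D%7D HTTP/1.1" 404 9731',
    '203.0.113.7 - - [01/Jan/2024:10:00:11 +0000] "GET /search?q=%7B%7Bname%7D%7D HTTP/1.1" 200 800',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
TEMPLATE_EXPR = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)  # Jinja2 expression/statement delimiters
DUNDER = re.compile(r"__\w+__")  # attribute names such as __class__ or __subclasses__


def fully_decode(path, max_rounds=3):
    """Undo repeated percent-encoding so %257B%257B is still seen as {{."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify(line, status="404"):
    """Return a finding for a log line whose path holds a template expression, else None."""
    m = LOG_RE.match(line)
    if not m or m["status"] != status:
        return None
    path = fully_decode(m["path"])
    exprs = TEMPLATE_EXPR.findall(path)
    if not exprs:
        return None
    # Object-graph introspection is a stronger signal than a bare {{...}} probe.
    level = "introspection" if any(DUNDER.search(e) for e in exprs) else "probe"
    return {"ip": m["ip"], "level": level, "path": path}


def scan(lines, status="404"):
    """Collect findings for every line that returned the given status code."""
    return [hit for hit in (classify(line, status) for line in lines) if hit]
```

Findings at the `introspection` level on a 404 path are worth alerting on directly, while `probe` hits are better correlated by source address first.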
