Server Side Template Injection 02

This exercise is one of our challenges on Server-Side Template Injection

< 1 Hr.


In this challenge, you will explore the exploitation of a Server Side Template Injection (SSTI) in an old version of Twig (1.9.0). The goal is to gain code execution on the server by utilizing the functions provided by the template engine. The provided code snippet, `{{_self.env.registerUndefinedFilterCallback('exec')}}{{_self.env.getFilter('uname')}}`, can be used to achieve this.

The video walkthrough explains the process in detail, starting with identifying the SSTI vulnerability and recognizing the use of the Twig framework. By accessing the Twig environment and using the `registerUndefinedFilterCallback` function, you can register an alias to the `exec` function. Then, by calling `getFilter` with the desired command, you can execute system commands, such as `uname`, to complete the exercise.

Want to learn more? Get started with PentesterLab Pro! GO PRO