Scenario:
You are a penetration tester hired by craw.in to assess the security of their web application. During your reconnaissance, you discover that certain parts of the application allow user input to be rendered directly into a template engine. Your objective is to identify and exploit potential SSTI vulnerabilities.
Question 1:
The initial URL you're testing looks like this: craw.in/render?name=test. You suspect SSTI. What is the first, simplest payload you should try to confirm your suspicion?
Question 2:
After injecting {{7*7}}, the page renders "49". This confirms SSTI. Which type of template engine is commonly associated with Python web frameworks like Flask and Django?
Question 3:
You need to identify what classes and methods are available. What Python built-in function is useful for inspecting objects and their attributes?
Question 4:
To achieve code execution, you often need to access the object class. What is the base class from which all classes inherit in Python?
Question 5:
What is a common attribute within the object class used to access subclasses?
Question 6:
You need to filter through a list of subclasses. What Python special method is used to invoke commands?
Question 7:
After finding a suitable subclass, you might need to access its __init__ method. Which attribute allows you to access the __init__ method of a class?
Question 8:
Inside __init__, you often find __globals__. This gives access to the global namespace. What type of values does the global namespace provide?
Question 9:
Within the global namespace, you are likely to find a module that allows you to execute operating system commands. What common module is used for this purpose in Python?
Question 10:
Within the os module, what function is commonly used to execute shell commands?
Question 11:
You want to execute the command whoami. Complete the payload using the functions identified so far to execute "whoami".
Question 12:
To avoid issues with character encoding, which Python module can assist with encoding and decoding strings?