Book of BugBounty Tips

Server Side Template Injection

Good hunters to help me about Server-Side Template Injection (Jinja2) ? {{7*'7'}} = 7777777 {%for c in [1,2,3] %}{{c,c,c}}{% endfor %} = (1, 1, 1)(2, 2, 2)(3, 3, 3) {{ [].class.base.subclasses() }} = Empty {{''.class.mro()[1].subclasses()}} = Web app crash

PreviousWeb Cache NextTips from @EdOverflow

Last updated 3 years ago