Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

Server Side Template Injection (SSTI) in Flask

POC

Write the following input and observe that “test{{4-1}}” is interpreted as test3.

Try to read internal files with the following payload: {{ ''.class.mro[2].subclasses()40.read() }}

For more information and techniques:

https://pequalsnp-team.github.io/cheatsheet/flask-jinja2-ssti

https://nvisium.com/blog/2015/12/07/injecting-flask.html
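
A code-review check for the root cause of the behaviour above, added here as an example and not part of the original wiki entry: test{{4-1}} is evaluated only when request data becomes part of the template source, so the script flags Flask/Jinja2 template calls whose source argument is not a string literal. The sample views and the name find_dynamic_templates are constructed for illustration.

```python
import ast

# Constructed sample source (parsed only, never executed): two views that build
# the template from request data and one that passes the data as context.
SAMPLE = '''
from flask import Flask, request, render_template_string
app = Flask(__name__)

@app.route("/bad")
def bad():
    name = request.args.get("name", "")
    return render_template_string("Hello " + name)   # test{{4-1}} -> test3

@app.route("/bad2")
def bad2():
    name = request.args.get("name", "")
    return render_template_string(f"Hello {name}")

@app.route("/good")
def good():
    name = request.args.get("name", "")
    return render_template_string("Hello {{ name }}", name=name)
'''

# Flask and Jinja2 entry points that compile a string as template source.
SINKS = {"render_template_string", "from_string", "Template"}

def _callee(call):
    f = call.func
    return f.id if isinstance(f, ast.Name) else getattr(f, "attr", None)

def find_dynamic_templates(source):
    """Return sorted (line, sink) pairs where the template source is not a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or _callee(node) not in SINKS:
            continue
        # The template text is the first positional argument or source=...
        src = node.args[0] if node.args else next(
            (k.value for k in node.keywords if k.arg == "source"), None)
        if src is None:
            continue
        # Heuristic: anything but a plain string literal needs manual review.
        if not (isinstance(src, ast.Constant) and isinstance(src.value, str)):
            findings.append((node.lineno, _callee(node)))
    return sorted(findings)

if __name__ == "__main__":
    for line, sink in find_dynamic_templates(SAMPLE):
        print(f"line {line}: {sink}() builds its template from a non-literal")
```

The /good view is the corrected form: the template text is a fixed string and the user value is passed as a context variable, so Jinja2 treats it as data.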

Impact

Low-Medium-High (depends on the attack)

Likelihood

Low-Medium-High (depends on the attack)