V5 - Validation/Sanitization
Server Side Template Injection (SSTI) in Flask
POC
Enter the following input and observe that “test{{4-1}}” is rendered as test3, which shows that the input is evaluated as a template expression.
Try to read internal files with the following payload: {{ ''.__class__.__mro__[2].__subclasses__()[40]('<file path>').read() }}
For more information and techniques:
https://pequalsnp-team.github.io/cheatsheet/flask-jinja2-ssti
https://nvisium.com/blog/2015/12/07/injecting-flask.html
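The vulnerable pattern behind the POC next to its fix, as an added example that is not code from the original page. It uses Jinja2 directly, the engine behind Flask's render_template_string; the function names are illustrative assumptions.

```python
# Added example (not from the original page): why "test{{4-1}}" becomes
# "test3", and how to keep user input out of the template source.
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

env = Environment(autoescape=True)


def greet_vulnerable(name: str) -> str:
    # BUG: user input is concatenated into the template source, so Jinja2
    # evaluates every {{ ... }} expression it contains.
    # Flask equivalent: render_template_string("Hello " + name)
    return env.from_string("Hello " + name).render()


def greet_safe(name: str) -> str:
    # Fix: the template source is a constant; user input is passed only as
    # data in the render context and is never parsed as template syntax.
    # Flask equivalent: render_template_string("Hello {{ name }}", name=name)
    return env.from_string("Hello {{ name }}").render(name=name)


def render_untrusted_template(source: str) -> str:
    # When users must be allowed to supply templates, render them in the
    # Jinja2 sandbox. Expressions are still evaluated, but access to
    # underscore-prefixed attributes such as __class__ is refused.
    try:
        return SandboxedEnvironment().from_string(source).render()
    except SecurityError:
        return "[blocked]"


if __name__ == "__main__":
    probe = "test{{4-1}}"  # the input from the POC above
    print(greet_vulnerable(probe))
    print(greet_safe(probe))
    print(repr(render_untrusted_template("{{ ''.__class__ }}")))
```

The sandbox reduces what an expression can reach; it does not stop evaluation, so keeping user input in the render context remains the primary fix.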
Impact
Low-Medium-High (depends on the attack)
Likelihood
Low-Medium-High (depends on the attack)