Challenge
| Link | Difficulty | Status |
|---|---|---|
| https://play.picoctf.org/practice/challenge/488?category=1&originalEvent=74&page=1 |  |  |
Note
Description
I made a cool website where you can announce whatever you want! I read about input sanitization, so now I remove any kind of characters that could be a problem :)
Additional details will be available after launching your challenge instance.
Solution
We already solved a easy variant of the challenge, you can read about it here SSTI1. As mentioned in that other challenge this is related to Server side template injection.
Launching the challenge presents the same homepage as the one in SSTI1
Let us try using the same payload as before. I am sure that it won’t work but that should give us an idea on what needs to be changed.
The above page was displayed when I tried to use the same payload as before. The site is now somehow able to understand that I am trying to inject a malicious template. One of the ways to achieve this is to scan the text injected and check for any blacklisted keywords like __import__ or __global__.
One thing we can try to check if our theory is correct is by trying to inject a obfuscated1 version on of the same payload. Our payload now looks like below:
{{ request|attr('application')|attr('\x5f\x5fglobals\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fbuiltins\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fimport\x5f\x5f')('os')|attr('popen')('cat /challenge/flag')|attr('read')() }}To craft this payload we used some quirks of the template engine and some python language features.
- Use of
|. This is a Jinja2 specific syntax which is used to call a method on the preceding object. For example when we sayrequest|attr('application')we are essentially sayingrequest.attr('application'). - Use of hex encoding
\xprefixed strings. When we used\x5fthe actual character is_. So when we decode the entire string we get__globals__. - Using
__getitem__to access dictionary items. Now executing the payload gives us the flag.