fg0x0's notes
  • ๐Ÿ‘€Introduction
    • ๐Ÿดโ€โ˜ ๏ธAbout me
  • ๐Ÿ‘พoffensive-security
    • ๐ŸฒOSCP
      • ๐Ÿ›ก๏ธActive Directory ( OSCP )
    • โ›“๏ธOSEP
    • ๐Ÿ•ธ๏ธOSWE
    • ๐ŸŒŒPG-Practice
      • ๐Ÿดโ€โ˜ ๏ธWarm UP
        • ๐ŸงClamAV
        • ๐ŸชŸAlgernon
        • ๐ŸชŸHelpdesk
      • ๐Ÿดโ€โ˜ ๏ธGet to Work
        • ๐ŸชŸHutch
        • ๐ŸชŸJacko
        • ๐ŸชŸShenzi
        • ๐ŸชŸSlort
        • ๐ŸงPostfish
        • ๐ŸงPelican
        • ๐ŸงQuackerjack
        • ๐ŸงSnookums
        • ๐ŸงSorcerer
        • ๐ŸงWalla
        • ๐ŸงZenPhoto
        • ๐ŸงZino
      • ๐Ÿดโ€โ˜ ๏ธTry Harder
        • ๐ŸงPeppo
        • ๐ŸงSirol
      • ๐Ÿดโ€โ˜ ๏ธRetired Play Machines
  • ๐ŸšฉRed Team
    • โ˜ข๏ธActive Directory Exploitation
      • โš”๏ธDomain Enumeration
      • โš”๏ธLocal Privilege Escalation
    • ๐Ÿ‘ฟRed Teaming Zero to Hero
    • ๐Ÿ‘ฟRed Teaming All The Things
    • ๐Ÿ•ธ๏ธWeb Exploitation
      • โš”๏ธXSS (Cross-Site Scripting)
      • โš”๏ธRemote File Inclusion
      • โš”๏ธHTML smuggling
    • ๐Ÿ’€Binary Exploitation
      • โš”๏ธBuffer Overflow
      • โš”๏ธReturn Oriented Programming ( ROP )
      • โš”๏ธBinary Security
      • โš”๏ธFormat String Vulnerability
      • โš”๏ธRegisters
    • โ˜ ๏ธExploit Development
      • โš”๏ธMacro Shellcode
      • โš”๏ธPayloads
  • ๐Ÿณ๏ธBlue Team
    • ๐Ÿ”Digital Forensics
    • ๐Ÿ”Cryptography & Math
      • โš”๏ธOpenSSL
    • โชReverse Engineering
  • ๐Ÿดโ€โ˜ ๏ธctf
    • ๐Ÿ‡Haruul Zangi
      • ๐ŸดHZ-2018
        • โš”๏ธFinal-Shao Kahn
      • ๐ŸดHZ-2019
        • โš”๏ธFinal-ะฃั€ั‚ะฐัะณะฐัะฐะฝ-ะฅัััััััััััััััััˆ
        • โš”๏ธFinal-Skywalker-sage-info
        • โš”๏ธRound-1-Very Secure LDAP
        • โš”๏ธRound-1-Web Warmup
      • ๐ŸดHZ-2020
        • โš”๏ธRound-1-websploit1
        • โš”๏ธRound-1-websploit2
        • โš”๏ธRound-1-websploit3
      • ๐ŸดHZ-2021
        • โš”๏ธFinal-Screenshot 1,2
        • โš”๏ธFinal-Orb
      • ๐ŸดHZ-2022
        • โš”๏ธHZ-2022-Final-You Have Been Hacked
        • โš”๏ธHZ-2022-Final-Breaking News
        • โš”๏ธHZ-2022-Final-Todo
        • โš”๏ธHZ-2022-Final-Subway Surfers
        • โš”๏ธHZ-2022-Round-2-Spike-Boom-!!!
      • ๐ŸดHZ-2023
        • ๐Ÿ‘ปRound-1
        • ๐Ÿ‘ปRound-2
        • ๐Ÿ‘ปRound-3
          • ๐Ÿฆ†Ducky Notes
          • ๐Ÿš‹Aylagch
          • ๐Ÿ”ปWeb Downchecker
          • ๐Ÿ”‘Password Manager
      • ๐ŸฃHZ-U18-2023
        • ๐Ÿ”Forensics
        • โ˜„๏ธTrivia
        • ๐Ÿ•ธ๏ธWeb
        • ๐Ÿ”ขCrypto
        • ๐ŸŒMisc
      • ๐ŸดHZ-2024
        • Round-1
          • M4th
        • Round-2
          • Enigma
        • Final-Round
          • ๐Ÿ’€heavy one ( forensics )
    • ๐Ÿดโ€โ˜ ๏ธOther CTF
      • ๐Ÿœ๏ธShambala-2056
        • ๐Ÿ‡ฆ๐Ÿ‡ทArgentina-PWN (pwn1)
        • ๐Ÿ‡ช๐Ÿ‡ฌEgypt-Forensics (spectre)
      • ๐Ÿดโ€โ˜ ๏ธSICT CTF
        • ๐ŸŽฎnull
      • ๐ŸŒAsian Cyber Security Challenge
        • ๐ŸŒACSC ( 2023 )
          • ๐Ÿดโ€โ˜ ๏ธMerkle Hellman ( Cryptography )
          • ๐Ÿดโ€โ˜ ๏ธeasySSTI ( Web Exploitation )
          • ๐Ÿดโ€โ˜ ๏ธHardware is not so hard
  • ๐ŸงŠHackTheBox
    • ๐ŸชŸWindows Machine
      • ๐Ÿค•Support
      • โŒEscape
      • โœˆ๏ธFlight
      • โ˜ข๏ธActive
    • ๐ŸงLinux Machine
    • โ˜ ๏ธOther Platform Machines
      • โš”๏ธHMV-Alzheimer
      • โš”๏ธHMV-BaseME
      • โš”๏ธHMV-doc
    • Web Exploitation
      • ๐Ÿ‘ฝFlask SSTI
        • Templated
        • baby interdimensional internet
        • ๐Ÿ‘ฝbaby todo or not todo
        • Slippy ( Jinja2 )
      • Injection
        • ๐Ÿ‘ฝPhonebook ( LDAP Injection )
        • sanitize ( SQL Injection )
        • Weather app ( SQL Injection )
        • Intergalactic Post ( php filter SQLi )
        • C.O.P ( SQL injection + Revshell )
      • ๐Ÿ’ฅPrototype Pollution
        • โ˜ ๏ธbaby breaking grad
      • ๐Ÿ˜ตโ€๐Ÿ’ซinsecure deserialization
        • ๐Ÿ‘ฝbaby website rick ( insecure deserialization )
      • XSS
        • ๐Ÿ‘ฝFull Stack Conf (Cross-Site Scripting)
        • AbuseHumandb ( XSS Puppeteer )
        • Kryptos Support ( XSS+IDOR )
        • Felonious Forums ( XSS, Cache Poison, Directory Traversal )
      • ๐Ÿ‘พSymfony
        • ๐Ÿ’€baby bonechewercon ( Symfony )
      • ๐Ÿ‘ฅXXE
        • ๐Ÿค™baby WAFfles order
      • Ping submit hiideg
        • Looking Glass ( Ping )
      • RCE
        • LoveTok ( RCE )
        • Neonify ( RCE )
        • Amidst Us ( image+RCE )
        • Letter Despair ( PHP + RCE )
        • Debugger Unchained ( SQLi+RCE )
      • LFI
        • toxic ( LFI )
      • File Upload
        • petpet rcbee ( file upload )
      • URL submit hiideg
        • baby CachedView ( URL submit hiideg )
      • Invoice ilgeedeg
        • Blinker Fluids
      • HTTP2 smuggling
        • PhishTale ( HTTP2 smuggling, Twig N-Day )
    • Forensics
  • ๐Ÿ’€Synack Red Team
    • โ˜ ๏ธDC-1 ( kh )
    • โ˜ ๏ธDC-2 ( kh )
    • โ˜ ๏ธDC-3 ( kh )
  • dursamj
Powered by GitBook
On this page
  1. HackTheBox
  2. Web Exploitation
  3. Flask SSTI

Slippy ( Jinja2 )

Previousbaby todo or not todoNextInjection

Last updated 7 months ago

๐ŸงŠ
๐Ÿ‘ฝ
LogoSlippyPlatypwnies
Logohtb-uni-ctf-quals-2021/web/1_slippy.md at master ยท h4sh5/htb-uni-ctf-quals-2021GitHub
LogoHTB 2021 Uni CTF Quals - Slippy ยท Radboud Institute of PwningRadboud Institute of Pwning