muzec - Templated Writeup | root💀muzec-sec:~#

Just a simple Server Side Template Injection (SSTI) .

On the web page i think we have all the hint we can ask for we already know it Proudly powered by Flask/Jinja2 so let try to confirm it.

http://138.68.141.81:32732/$ we get 404 not found but our input reflect let try injecting another command.

http://138.68.141.81:32732/${ Boom again let find the crash point.

Boom a crash point http://138.68.141.81:32732/$

Boom we are the root user cool let list directory.

138.68.141.81:32732/

We can see the flag.txt let cat it and we are done.

138.68.141.81:32732/

Nah not going to show you the flag get it yourself lol.

Greeting From Muzec