Flask(Jinja2) 服务端模板注入漏洞
Vulnhub官方复现教程
https://vulhub.org/#/environments/flask/ssti/
漏洞原理
https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf
http://rickgray.me/use-python-features-to-execute-arbitrary-codes-in-jinja2-templates
复现漏洞
启动环境
https://blog.csdn.net/JiangBuLiu/article/details/93853056
进入路径为
cd /root/vulhub/flask/ssti
搭建及运行漏洞环境: