Loading page
Review the challenge brief, files, and requirements.
A Flask application uses Jinja2 templates unsafely. Exploit SSTI to read /etc/flag.
@app.route('/hello')
def hello():
name = request.args.get('name', 'World')
template = f"Hello {name}!"
return render_template_string(template)
/hello?name={{7*7}} returns "Hello 49!"
Craft a payload to read the flag file.
Sign in to attempt this challenge.
Use Proving Grounds to continue your challenge practice.
Open Proving Grounds