filipkarc/ssti-flask-hacking-playground

By filipkarc

Updated about 1 year ago

Intentionally vulnerable web application: Server-Side Template Injection (SSTI + RCE) in Flask.

Image
Security
0

3.1K

filipkarc/ssti-flask-hacking-playground repository overview

Vulnerable Web App: ssti-flask-hacking-playground

image

What is it

This is small application VULNERABLE to Server Side Template Injection (SSTI) in Flask/Jinja2.

You will find a detailed description here: https://www.karczewski.io/blog/practical-exploitation-of-server-side-template-injection-ssti-in-flask-with-jinja2/

Have fun :)

How to run

docker run -p 8089:8089 -d filipkarc/ssti-flask-hacking-playground

Then launch your browser and enter http://localhost:8089

WARNING !!! Read this:

This application is intentionally INSECURE and is meant solely for demonstrating security risks in a controlled environment. It should never be exposed to public networks or production systems. Running this application outside of isolated labs may result in unauthorized access or system compromise. Usage is at the user's own risk.

Follow me

LinkedIn: https://www.linkedin.com/in/filip-karczewski/

Twitter: https://twitter.com/FilipKarc

Thank you

Thanks to the creator of the photo I used:

https://www.pexels.com/photo/boston-terrier-wearing-unicorn-pet-costume-1564506/

Tag summary

Content type

Image

Digest

sha256:312f4a289

Size

50.6 MB

Last updated

about 1 year ago

docker pull filipkarc/ssti-flask-hacking-playground