Intentionally vulnerable web application: Server-Side Template Injection (SSTI + RCE) in Flask.
3.1K

This is small application VULNERABLE to Server Side Template Injection (SSTI) in Flask/Jinja2.
You will find a detailed description here: https://www.karczewski.io/blog/practical-exploitation-of-server-side-template-injection-ssti-in-flask-with-jinja2/
Have fun :)
docker run -p 8089:8089 -d filipkarc/ssti-flask-hacking-playground
Then launch your browser and enter http://localhost:8089
This application is intentionally INSECURE and is meant solely for demonstrating security risks in a controlled environment. It should never be exposed to public networks or production systems. Running this application outside of isolated labs may result in unauthorized access or system compromise. Usage is at the user's own risk.
LinkedIn: https://www.linkedin.com/in/filip-karczewski/
Twitter: https://twitter.com/FilipKarc
Thanks to the creator of the photo I used:
https://www.pexels.com/photo/boston-terrier-wearing-unicorn-pet-costume-1564506/
Content type
Image
Digest
sha256:312f4a289…
Size
50.6 MB
Last updated
about 1 year ago
docker pull filipkarc/ssti-flask-hacking-playground