CVE-2019-8341 PoC - Jinja2 Code Injection Vulnerability

Associated Vulnerability
Title: Jinja2 Code Injection Vulnerability (CVE-2019-8341)
Description: An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.
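
The `from_string` pattern from the description above, next to two mitigations, as an added example (not code from the challenge's `server.py` or from the Jinja2 project). The function names, the `Settings` object and its values are constructed for illustration.

```python
from jinja2 import Environment, StrictUndefined
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment


class Settings:
    """Constructed stand-in for an object the app exposes to templates."""
    site_name = "Llama Facts"
    _api_key = "constructed-secret"  # placeholder value, not from the challenge


CFG = Settings()
env = Environment(autoescape=True)
# StrictUndefined makes a denied attribute raise instead of rendering as "".
sandbox = SandboxedEnvironment(autoescape=True, undefined=StrictUndefined)


def render_unsafe(query: str) -> str:
    # Pattern from the CVE text: request data is concatenated into the
    # template *source*, so Jinja2 evaluates any {{ ... }} it contains.
    return env.from_string("Results for: " + query).render(cfg=CFG)


def render_safe(query: str) -> str:
    # Fixed template source; request data is passed only as a context
    # value, so it is escaped and printed, never parsed as template syntax.
    return env.from_string("Results for: {{ query }}").render(query=query, cfg=CFG)


def render_sandboxed(source: str) -> str:
    # For apps that must accept user-authored templates: the sandbox still
    # evaluates expressions but refuses underscore-prefixed attributes.
    try:
        return sandbox.from_string(source).render(cfg=CFG)
    except SecurityError:
        return "blocked"


if __name__ == "__main__":
    probe = "{{ 7 * 7 }}"  # harmless arithmetic probe
    print(render_unsafe(probe))
    print(render_safe(probe))
    print(render_sandboxed("{{ cfg._api_key }}"))
```

A response that shows the evaluated result of the arithmetic probe rather than the literal text is the signal that request data is reaching the template source.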
Description
Web application vulnerable to Python3 Flask SSTI (CVE-2019-8341)
Readme
# Llama Facts
This project was originally created for the Rochester Institute of Technology (RIT) Women in Cybersecurity (WIYCS) 2022 CTF competition. It is vulnerable to Server-Side Template Injection (SSTI), as described in the disputed CVE-2019-8341.

## Challenge Description
Description: A Computer Science 1 student created a website to showcase their newly acquired Python skills. Can you look into their search engine to ensure it is secure?


## Usage
Requires Docker Engine to be installed and running.

`docker build -t wiycs_web . && docker run -p 5656:5656 -it wiycs_web`

Then navigate to `http://localhost:5656` and test your SSTI skills! Hopefully you'll learn a few llama facts along the way.


File Snapshot

[4.0K] /data/pocs/b8e00d93e1903de69aafe82b3b83abbb9c835948
├── [  69] build_run.sh
├── [ 257] Dockerfile
├── [  22] flag.txt
├── [ 715] README.md
├── [4.0K] req
│   ├── [  22] requirements.txt
│   └── [4.0K] whl
│       ├── [321K] click-8.0.3.tar.gz
│       ├── [614K] Flask-2.0.2.tar.gz
│       ├── [ 58K] itsdangerous-2.0.1.tar.gz
│       ├── [263K] Jinja2-3.0.3.tar.gz
│       ├── [ 18K] MarkupSafe-2.0.1.tar.gz
│       └── [874K] Werkzeug-2.0.2.tar.gz
├── [4.0K] src
│   ├── [4.0K] content
│   │   └── [2.7K] home.html
│   ├── [4.0K] css
│   │   └── [1.5K] css.css
│   ├── [4.8K] server.py
│   └── [4.0K] static
│       ├── [178K] fancy_llama.jpg
│       ├── [7.8K] fa_search.png
│       ├── [ 33K] llama1.jpg
│       ├── [ 74K] llama2.jpg
│       └── [129K] pineapple_llama.jpg
└── [1.2K] writeup.md

6 directories, 20 files