Indentification

Now we have detected what characters caused the application to error {{ It's time to identify what template engine is being used !

Sometimes the error message will include the template engine and maybe it's version which is very rare or else we can check the decision tree to know what kinda template engine is used !

http://10.10.39.6:5000/profile/{{7*'7'}} - gives us 7777777

Which means the template engine in that backend is Jinja2

Jinja2 Syntax

Always look for the following, no matter what language or template engine is used ?

How to start and end a print statement
How to start and end a block statement

In the case of Jinja2 Template !

{{ - Used to mark the start of a print statement
}} - Used to mark the end of a print statement
{% - Used to mark the start of a block statement
%} - Used to mark the end of a block statement

In Jinja2 the comments is denoted by {#

PreviousFinding the Injection Point NextExploitation

Last updated 1 year ago