
I'm exploiting an SSTI (server-side template insertion) vulnerability in a website written in Flask (Python).

My problem is that my payload for RCE is being limited by a blacklist.

I tried everything with a document that I found to be hyper-detailed but it didn't help me in this case.

Input:

request.form['name']

Blacklist:

blacklist = ["'", '"', "request", "readlines", "+", "%2b", "%22", '%27', "linecache", "add", "join"]

Handle:

if request.method == "POST":
    for ban in blacklist:
        if ban in request.form['name']:
            return render_template_string('Hacker Alert!!!')
    payload = request.form['name']
    return render_template_string(payload)

Quang
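
From the defender's side, the handler in the question is exploitable because user input is compiled as template source, and the blacklist does not change that. The following is an added example, not part of the original post: it places the question's handler beside a hardened form that renders a fixed template and passes the input as data. The route names, `GREETING` and the `post` helper are assumptions, and the probe string is constructed.

```python
from flask import Flask, request, render_template_string

app = Flask(__name__)

# Blacklist copied from the question; it filters strings but leaves template syntax live.
BLACKLIST = ["'", '"', "request", "readlines", "+", "%2b", "%22", "%27",
             "linecache", "add", "join"]

# Hypothetical fixed template owned by the developer.
GREETING = "Hello {{ name }}!"


@app.route("/vulnerable", methods=["POST"])  # hypothetical route name
def vulnerable():
    # Behaviour from the question: input that passes the blacklist
    # is compiled and evaluated as a Jinja2 template.
    name = request.form["name"]
    if any(ban in name for ban in BLACKLIST):
        return render_template_string("Hacker Alert!!!")
    return render_template_string(name)


@app.route("/hardened", methods=["POST"])  # hypothetical route name
def hardened():
    # Input is a context variable, never template source. Jinja2 treats it
    # as data, and render_template_string autoescapes it on output.
    name = request.form.get("name", "")
    return render_template_string(GREETING, name=name)


def post(path, name):
    """Send a form POST through Flask's test client and return the body text."""
    with app.test_client() as client:
        return client.post(path, data={"name": name}).get_data(as_text=True)


if __name__ == "__main__":
    probe = "{{ 7*7 }}"  # constructed, harmless arithmetic probe
    print("vulnerable:", post("/vulnerable", probe))
    print("hardened:  ", post("/hardened", probe))
```

With the hardened route no blacklist is needed: the expression is never evaluated, and HTML metacharacters in the input are escaped.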

0 Answers