Server-Side Template Injection
A template is simply reusable, dynamic HTML code, and a template engine compiles that template.
It gives us more flexibility and lets us use variables and simple logic units in HTML code.
In some use cases, these engines render dynamic data supplied by the user.
These engines can run some commands on the server machine and access some environment variables and local variables.
So if the user input is not verified properly, the user can supply malicious input and see the result when the page is rendered.
Server-side template injection occurs when:
1. User-supplied data is not validated, filtered, or sanitized by the application and is embedded directly into a server-side template.
2. Using malicious template directives, an attacker may be able to execute arbitrary code and take full control of the web server.
3. Hostile data is used within object-relational mapping (ORM) search parameters to extract additional, sensitive records.
This lab uses Django's default template engine, and obviously the input is not filtered properly. Try to get the admin password hash by exploiting it.