Points: 190

Tags: ssti web jinja2 

http://shrine.chal.ctf.westerns.tokyo/

import flask
import os


app = flask.Flask(__name__)
app.config['FLAG'] = os.environ.pop('FLAG')

@app.route('/')
def index():
    return open(__file__).read()

@app.route('/shrine/<path:shrine>')
def shrine(shrine):
    def safe_jinja(s):
        s = s.replace('(', '').replace(')', '')
        blacklist = ['config', 'self']
        return ''.join(['{{% set {}=None%}}'.format(c) for c in blacklist])+s
    return flask.render_template_string(safe_jinja(shrine))

if __name__ == '__main__':
    app.run(debug=True)

Writeups

Action | Rating | Author team
Read writeup | 5.0 | trupples
Read writeup | 5.0 | polygl0ts
Read writeup | 1.0 | HackXore
Read writeup | 5.0 | BambooFox
Read writeup | 1.0 | rawsec
Read writeup | 4.9 | PwnaSonic
Read writeup | 4.2 | DoubleSigma