Lab: Server-side template injection with information disclosure via user-supplied objects

This lab is vulnerable to server-side template injection due to the way an object is being passed into the template. This vulnerability can be exploited to access sensitive data.

To solve the lab, steal and submit the framework's secret key.

You can log in to your own account using the following credentials:
content-manager:C0nt3ntM4n4g3r

- Log in and edit one of the product description templates.
- Change one of the template expressions to something invalid, such as the fuzz string `${{<%[%'"}}%\`, and save the template. The error message in the output hints that the Django framework is being used.
- Study the Django documentation and notice that the built-in template tag `debug` can be called to display debugging information.
- In the template, remove your invalid syntax and enter the following statement to invoke the `debug` built-in: `{% debug %}`
- Save the template. The output will contain a list of objects and properties to which you have access from within this template. Crucially, notice that you can access the `settings` object.
- Study the `settings` object in the Django documentation and notice that it contains a `SECRET_KEY` property, which has dangerous security implications if known to an attacker.
- In the template, remove the `{% debug %}` statement and enter the expression `{{settings.SECRET_KEY}}`.
- Save the template to output the framework's secret key.
- Click the "Submit solution" button and submit the secret key to solve the lab.
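As an added defensive example (not part of the lab or PortSwigger's material), the following Python check screens a user-edited Django template before it is saved, rejecting the constructs the walkthrough above relies on: the `debug` tag, any expression rooted at the `settings` (or `request`) object, and malformed expressions such as the fuzz string. The deny lists are an assumed policy for this example; the real fix is still to never place the `settings` object in the template context.

```python
import re
from typing import List

# Django block tags ({% name ... %}) and variable expressions ({{ expr }}).
TAG_RE = re.compile(r"{%\s*(\w+)(.*?)%}", re.DOTALL)
VAR_RE = re.compile(r"{{\s*(.*?)\s*}}", re.DOTALL)

# Assumed policy: tags that disclose internals or widen what a user-edited
# template can reach, and context names that must never be dereferenced.
DENIED_TAGS = {"debug", "load", "include", "extends", "ssi"}
DENIED_ROOTS = {"settings", "request"}

# Characters that a well-formed variable/filter expression may contain.
EXPR_OK_RE = re.compile(r"[\w.|:'\"\- ]*")


def audit_template(source: str) -> List[str]:
    """Return findings for a user-supplied template; an empty list means clean."""
    findings: List[str] = []
    for m in TAG_RE.finditer(source):
        if m.group(1) in DENIED_TAGS:
            findings.append(f"denied tag: {{% {m.group(1)} %}}")
    for m in VAR_RE.finditer(source):
        expr = m.group(1)
        # The root is the context name before the first '.', '|' or space.
        root = re.split(r"[.|\s]", expr, maxsplit=1)[0]
        if root in DENIED_ROOTS:
            findings.append(f"denied object: {expr}")
        if EXPR_OK_RE.fullmatch(expr) is None:
            findings.append(f"malformed expression: {expr}")
    if source.count("{{") != source.count("}}") or source.count("{%") != source.count("%}"):
        findings.append("unbalanced template delimiters")
    return findings


if __name__ == "__main__":
    # Constructed samples: one legitimate edit and the three probes from the lab.
    for sample in ("{{ product.name }} costs {{ product.price }}",
                   "${{<%[%'\"}}%\\", "{% debug %}", "{{settings.SECRET_KEY}}"):
        print(repr(sample), "->", audit_template(sample) or "ok")
```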