I missed you so much, you are such an inspiration for me continuing researching and learning hacking stuff
Dude I love your videos!
I am a Software Engineer and your videos gave me an easy first look into some security topics
Crazy! Great content and loved the background music XD
Love the Mr. Robot reference
Solid video, never thought of making function calls from within templates. You explained it well, and the drawings make it super easy to follow along! Keep it going man
I've watched a handful of videos on this channel so far and the majority of them were new methods of hacking I was completely unaware of! great job!
glad to see you back after a while..be continue as soon as you can
This is so far, one of my favorite internet videos. Amazing to this channel popped up on my YouTube feed. Thanks for sharing, brilliant video!
Great content! Been waiting for another video for a while now, but it's finally here! :D
literally this is the best channel in YouTube
Long time no see :]
you are now my new fav channel for when I go back to the basics you make it so much more fun!
you give off a kind of LiveOverflow vibe and i love it
I like your attitude, your accent and voice, and also the content you deliver. Keep making such things for us, thank you
the quality of these videos are just excellent, lots of love dude, keep posting more like these :)
0:33 nice reference
Thanks a LOT for that python knowledge! I'm stuck on a python CTF challenge for a long time, and now I made a huge step. Still not done but now I have access to sys, not to os.
Love your explanation man
You just gained a new subscriber😁
So glad to see you are back!!! Missed your videos!
Thank you. I have been struggling to get my head around this 1 for days
I work with flask professionally I never did this error but this is good to keep in mind thank you
Lesson: sanitize user input.
Golden contents!
0:37 I like the Mr. Robot names you used in there
Nice of you to play my all time favorite song ever in the background
Seen something very useful after months... Thanks man
This is so well done. Great videos on your channel.
This was eyeopening. Well done. Subbed.
Love your videos man!
Missed you
Top notch presentation! 👌
Keep up the great work man!
Can this be bypassed by exec(compile("import os; os.system('id')"))
great work!! short and sweet, keep it going please!
Please Make Alot Of Videos! I love learning things like this! 🤩
Dude this is cool. Really well explained
Your videos are amazing and hilarious! Keep it up! :)
That was amazing
And I'm not even a Python coder
Nice video dude keep up
glad to see you back
The king is back
0:36 i like the Mr Robot allusions
Such an awesome explanation. Thanks man
Those tweets on the example website are too funny
DAAAAD WHERE HAVE YOU BEEN I MISSED YOU
Very interesting video. Also perfect length!
That was an amazing video! Thank you.
Great explanation with great art works
wonderful video mate ... explained very well
Simple and Solid Explanation ❤
man please dont stop ur videos please
Such a great video in very low audio humiliate the home theater`s full vol sound.
3:15 British people getting stabbed like:
"Oit there mate, bit rude to put that knoife in me chest innit?"
LMAO
Thanks for sharing this, it's very insightful! Looks like it's time for me to review my code lol
The most interesting thing is the beautiful, simple website style design you're making.
I wonder what you are using to make these simple websites (front-end); for the back-end it's clear you are using Python Flask.
I mostly use Python with Flask for backend because it has a very simple boilerplate code to get started with. For the frontend, I mostly write CSS from scratch. It's probably not the best thing, I should prolly write a small CSS library to keep the styles consistent across videos, but they look mostly the same because I have memorized styles with colors I usually go with.
@PwnFunction Thank you so much for the reply. I really appreciate that.
like the way you explained and this theme for displaying code
Loved it!!! Great video!
Love the Mr. Robot references.
hes backkkkk!!!!!11!!!!!11!1!
The legend is back
Love you so much, thanks do great video's :D
Very Educational video
keep it up
please help
I've been trying to log in to my localbitcoins account and they tell me csrf cookie not set. What does this mean? Please, I need your help and an explanation
Lov ur all topics 😍😎😎
rap @ 6:13
this video is awesome thanks!
If you want to know which class of __subclasses__() contains sys/os, you can simply execute the following code and get the position of the module in the subclasses list:
class_l = ''.__class__.__base__.__subclasses__()
for i, val in enumerate(class_l):
    try:
        val.__init__.__globals__['sys']
        print(i, val)
    except:
        pass
I think this would be good to watch after the entire Log4J part :P
what do you mean when you say to not make (input + code) together?
Best explanation!
Cool video, but
When you say that jinja limits the templates, so that you cannot import, instead of doing "import os; os.system('id')", you could try "__import__('os').system('id')".
[ I don't know if that works, just a suggestion to include in the video ]
Yes, I've tried using the special methods, jinja errors out, doesn't seem to let you import at all :(
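Added example, not part of any comment above and not code from the video: it shows the difference between concatenating input into template source and passing it as a variable, and why a bare __import__ does not resolve inside a Jinja expression (names are looked up in the template context, not in Python's builtins). It assumes the jinja2 package is installed; the function names and sample inputs are constructed for illustration.

```python
from jinja2 import Environment
from jinja2.exceptions import UndefinedError

# One shared environment; autoescape on, as Flask does for HTML templates.
env = Environment(autoescape=True)


def render_concatenated(user_input):
    """Unsafe pattern: user input becomes part of the template *source*."""
    return env.from_string("Hello " + user_input).render()


def render_as_variable(user_input):
    """Safe pattern: the template source is fixed, input is passed as data."""
    return env.from_string("Hello {{ name }}").render(name=user_input)


def name_is_defined(name):
    """Report whether a bare name resolves inside a template expression.

    `name` is a trusted identifier chosen by the caller, not user input.
    """
    return env.from_string("{{ %s is defined }}" % name).render() == "True"


def import_call_is_rejected():
    """Calling an undefined name such as __import__ raises UndefinedError."""
    try:
        env.from_string("{{ __import__('os') }}").render()
    except UndefinedError:
        return True
    return False


if __name__ == "__main__":
    probe = "{{ 7*7 }}"  # constructed sample input
    print(render_concatenated(probe))   # expression is evaluated by Jinja
    print(render_as_variable(probe))    # expression stays literal text
    print(name_is_defined("range"))     # a Jinja-provided global
    print(name_is_defined("__import__"))
    print(import_call_is_rejected())
```
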
Great explanation...you are amazing...
Great teaching, expecting more... From u
Well made video!
You're back!😄
In germany 7*7 is 'feiner sand' (fine sand) cause 7 sounds like the verb to sieve
Thanks a lot for the awesome videos brother.
7*7=SSTI 😅
Another great video
Your video is so awesome
LOL I FLINCHED WHEN HE SAID "SUPRISE MOTHER FU". pls keep teaching
Lamo and i use flask to make web apps
Any solution to this? Ig not
Bril jus bril bro! ❤️
Awesome Content 🔥
Is the gadget which you are talking about related to a gadget chain?
The math teacher I’ve always wanted
Greeeeeat 🎉
I like your videos.
keep it up :)
Missed you !
thanks bro for that video!
Damn. This is so cool!
Very useful thank you for this
boy o boi , i got so many bugs in live applications after learning basics from here
Does jinja filter out __import__?
LMAO Surprise!!! Way To Good 👍 Keep The Videos Coming 😉
I love those Mr Robot references 🤣
Hello! any chance you can send me a link to github of the website vulnerable to ssti? It would help me a lot!
I made it! Thanks.
Immediately press like button before watching...
I love you man
Welcome Back !
Your intro music is cool